EAP and automatically authenticating users

Phil Mayers p.mayers at imperial.ac.uk
Thu May 17 09:21:38 CEST 2012

On 05/17/2012 06:15 AM, David Peterson wrote:
> I have a couple of users who have unknown usernames and passwords.  They are
> also using EAP-TTLS for authentication.  Is there a way to automatically
> authenticate all of them and if so, can I also send the Framed-Filter-Id
> attribute with the authentication response as if the user were truly
> authorized.

If they are doing EAP-TTLS/PAP, yes - you can force "Auth-Type = Accept" 
in the inner tunnel, and send any reply attribute you like including 

For any other EAP type/combination, no. They're all challenge/response 
mechanisms that require successful completion of the cryptographic 
exchange, which requires shared secrets (passwords).

More information about the Freeradius-Users mailing list