EAP and automatically authenticating users

Phil Mayers p.mayers at imperial.ac.uk
Thu May 17 14:33:33 CEST 2012

On 17/05/12 12:18, David Peterson wrote:
> They are currently using EAP-TTLS. I tried to add something in last
> night but either the lateness of the evening or my skills were not up to
> par. Where would you add the access-accept?

Something like this in "sites-available/inner-tunnel":

authorize {
   # check the username, and also check the request is PAP
   # i.e. there's a User-Password sent from the client
   if ((User-Name == permit) && (User-Password)) {
     update control {
       Auth-Type := Accept

There are other variants; the list of users could be in SQL, LDAP, 
files, etc.

More information about the Freeradius-Users mailing list