authentication order

Dan Letkeman danletkeman at
Mon Jun 9 01:00:31 CEST 2014

On Sun, Jun 8, 2014 at 5:39 PM, Alan DeKok <aland at>

> Dan Letkeman wrote:
> > I am trying to find some info on authentication ordering.
>   Probably because no one uses that term.

Ok, but I just did, so I guess I use that term :)

> > Is it the client(switch or wireless controller) that defines the
> > authentication ordering or is it the radius server?
>    You're asking the wrong question.

Yes, I am asking the wrong question, because I need help, otherwise I would
not be posting a question.....(:

> > If it is the radius server how would I define EAP as the first
> > authentication method and then mac authentication as the second?
>   MAC auth isn't authentication.  MAC auth is just another authorization
> check.

Ok, so I can authorize a user based on there mac address.  I can also
authenticate a user using EAP.  I want to authenticate a user using EAP,
but if the device that a user is using does not support EAP I would like to
authorize a user based on the mac address as a last resort.

>   EAP is authentication.  As part of authorizing a user, you can deny
> them access because their bills aren't paid, or because they're using
> the wrong MAC.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list