authentication order
Dan Letkeman
danletkeman at gmail.com
Mon Jun 9 01:00:31 CEST 2014
On Sun, Jun 8, 2014 at 5:39 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> Dan Letkeman wrote:
> > I am trying to find some info on authentication ordering.
>
> Probably because no one uses that term.
>
Ok, but I just did, so I guess I use that term :)
>
> > Is it the client(switch or wireless controller) that defines the
> > authentication ordering or is it the radius server?
>
> You're asking the wrong question.
>
Yes, I am asking the wrong question, because I need help, otherwise I would
not be posting a question.....(:
>
> > If it is the radius server how would I define EAP as the first
> > authentication method and then mac authentication as the second?
>
> MAC auth isn't authentication. MAC auth is just another authorization
> check.
>
Ok, so I can authorize a user based on there mac address. I can also
authenticate a user using EAP. I want to authenticate a user using EAP,
but if the device that a user is using does not support EAP I would like to
authorize a user based on the mac address as a last resort.
>
> EAP is authentication. As part of authorizing a user, you can deny
> them access because their bills aren't paid, or because they're using
> the wrong MAC.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140608/1c4a8ee8/attachment.html>
More information about the Freeradius-Users
mailing list