authentication order

Rui Ribeiro ruyrybeyro at gmail.com
Mon Jun 9 10:16:22 CEST 2014


Hi Dan,

Please read better the previous answer. Alan already told you EAP is
authentication and MAC is authorisation. EAP also supports several types of
authorisation, and you arent being very clear of what you intend to do.

 The sooner your learn how the process works, the better you are. It is no
use to put together a few recipes over the Internet, if then you both cant
maintain the service or do not understand how
it works.

Search the list arquive for answers before posting here, for starters
discussions about policies to whitelist or blacklist MACs are rather
frequent.

Regards


> Message: 5
> Date: Sun, 8 Jun 2014 18:00:31 -0500
> From: Dan Letkeman <danletkeman at gmail.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: authentication order
> Message-ID:
>         <CAPY==jk0CzgvJC8+bux2XtBD2kiMoo=7S3OrfG68ML=
> SPwo8ng at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> On Sun, Jun 8, 2014 at 5:39 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
> > Dan Letkeman wrote:
> > > I am trying to find some info on authentication ordering.
> >
> >   Probably because no one uses that term.
> >
>
> Ok, but I just did, so I guess I use that term :)
>
>
> >
> > > Is it the client(switch or wireless controller) that defines the
> > > authentication ordering or is it the radius server?
> >
> >    You're asking the wrong question.
> >
>
> Yes, I am asking the wrong question, because I need help, otherwise I would
> not be posting a question.....(:
>
>
> >
> > > If it is the radius server how would I define EAP as the first
> > > authentication method and then mac authentication as the second?
> >
> >   MAC auth isn't authentication.  MAC auth is just another authorization
> > check.
> >
>
> Ok, so I can authorize a user based on there mac address.  I can also
> authenticate a user using EAP.  I want to authenticate a user using EAP,
> but if the device that a user is using does not support EAP I would like to
> authorize a user based on the mac address as a last resort.
>
>
> >
> >   EAP is authentication.  As part of authorizing a user, you can deny
> > them access because their bills aren't paid, or because they're using
> > the wrong MAC.
> >
> >   Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140608/1c4a8ee8/attachment-0001.html
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140609/0740afd9/attachment.html>


More information about the Freeradius-Users mailing list