EAP-PEAP with "special" users
Alan DeKok
aland at deployingradius.com
Fri Feb 6 14:49:36 CET 2015
On Feb 6, 2015, at 8:41 AM, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:
> I want to add some test user accounts that can be authenticated through EAP but use a flat file rather than ntlm_auth. What's the recommended way of handling this without harming the performance of the majority of the users who will not appear in the users file?
Put the special users in the “users” file. Then, be sure that they’re not using ntlm_auth:
bob Cleartext-Password := “hello”, MS-CHAP-Use-NTLM-Auth := no
The “users” file puts entries into a binary tree. So it’s fast. The performance hit (if any) will be negligible compared to the cost of doing SSL. The RSA calculations need for SSL are *slow*.
Alan DeKok.
More information about the Freeradius-Users
mailing list