EAP-PEAP with "special" users
Jonathan Gazeley
Jonathan.Gazeley at bristol.ac.uk
Fri Feb 6 15:39:25 CET 2015
On 06/02/15 13:49, Alan DeKok wrote:
> On Feb 6, 2015, at 8:41 AM, Jonathan Gazeley <Jonathan.Gazeley at bristol.ac.uk> wrote:
>> I want to add some test user accounts that can be authenticated through EAP but use a flat file rather than ntlm_auth. What's the recommended way of handling this without harming the performance of the majority of the users who will not appear in the users file?
> Put the special users in the “users” file. Then, be sure that they’re not using ntlm_auth:
>
> bob Cleartext-Password := “hello”, MS-CHAP-Use-NTLM-Auth := no
>
> The “users” file puts entries into a binary tree. So it’s fast. The performance hit (if any) will be negligible compared to the cost of doing SSL. The RSA calculations need for SSL are *slow*.
>
> Alan DeKok.
>
>
>
Thanks. Will I need to reference the 'files' module in the inner or
outer virtual server? Or both?
Thanks,
Jonathan
More information about the Freeradius-Users
mailing list