Force the client to use one specific EAP method

LUCA sfire at hotmail.it
Wed Apr 12 16:00:40 CEST 2017


>You've already done that by limiting the EAP methods on the
>server. If the device can't connect now then it's device
>configuration as you said.

Yes, now the device can't connect because it does try to use one method no longer configured on the server.
But there is no way, during the negotiation process, to make the server tell the client to use one specific EAP method?


>Yes, people do that with setup or onboarding tools. That's just
>the way it is. Look at it in a good way - at least you can make
>sure all clients have the correct CA trust and security settings.
>Manually configured devices are notoriously bad at this.


Yes, definitely not manually configured devices.
I'm trying to leave the configuration tool as last option.
As I already said it would be impractical.
Without mentioning the massive disservice this will bring in the first few weeks.



Luca

________________________________
From: Freeradius-Users <freeradius-users-bounces+sfire=hotmail.it at lists.freeradius.org> on behalf of Matthew Newton <mcn4 at leicester.ac.uk>
Sent: Wednesday, April 12, 2017 2:42 PM
To: FreeRadius users mailing list
Subject: Re: Force the client to use one specific EAP method

On Wed, Apr 12, 2017 at 12:06:26PM +0000, LUCA wrote:
> >One of the few things which work very nicely in EAP is the
> >method auto-negotiation. :-)
>
> Yes but for what I'm trying to accomplish I really need to
> address the negotiation to one specific method :-)

You've already done that by limiting the EAP methods on the
server. If the device can't connect now then it's device
configuration as you said.

Yes, people do that with setup or onboarding tools. That's just
the way it is. Look at it in a good way - at least you can make
sure all clients have the correct CA trust and security settings.
Manually configured devices are notoriously bad at this.

Matthew


--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS -- users' list info<http://www.freeradius.org/list/users.html>
www.freeradius.org
Users' List Information. The freeradius-users mailing list is for users of the FreeRADIUS server not Cistron's server! There are a few house-rules to which we'd like ...




More information about the Freeradius-Users mailing list