Force the client to use one specific EAP method

Matthew Newton mcn4 at leicester.ac.uk
Wed Apr 12 18:59:33 CEST 2017


On Wed, Apr 12, 2017 at 02:00:40PM +0000, LUCA wrote:
> >You've already done that by limiting the EAP methods on the
> >server. If the device can't connect now then it's device
> >configuration as you said.
> 
> Yes, now the device can't connect because it does try to use one
> method no longer configured on the server.

Right. Configure the device.

> But there is no way, during the negotiation process, to make the
> server tell the client to use one specific EAP method?

I'm really not sure how many times we have to say that the choice
of EAP method is up to the device, not FreeRADIUS.

There is no amount of poking or prodding FreeRADIUS that will fix
this.

> Yes, definitely not manually configured devices.
> I'm trying to leave the configuration tool as last option.
> As I already said it would be impractical.
> Without mentioning the massive disservice this will bring in the first few weeks.

It sounds like you don't like the answer you're getting. Sorry. If
you invent a better way I'm sure everyone else will be quite happy
to know.

Until then, you have two options

1. configure FreeRADIUS to use the type of auth that the devices
   want to use;

2. reconfigure the devices.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list