Force the client to use one specific EAP method

Alan DeKok aland at
Wed Apr 19 15:15:12 CEST 2017

On Apr 19, 2017, at 8:58 AM, LUCA <sfire at> wrote:
> First, let me thank you for the explanations so far.
> Maybe I found a "solution".
> The Access-Challenge packet contains an EAP Request in which it is specified the EAP method that the supplicant should use.
> So I was thinking that maybe I could edit the EAP Request with an EAP method of my choosing, using for instance scary.

  You're still stuck on what you want to do.  Your wishes are nice, but they're just wishes.

  The limiting factor here is what the client can do.

> Of course the client could still NAK it and reply with another EAP method.
> By the way, which could be the exact reason for a client to NAK the suggested EAP method? Shouldn't the supplicant support almost all the EAP methods suggested from the server?

  No.  The clients typically support 2-3 EAP methods.

  What you want is easy if you write your own EAP supplicant software.  Otherwise, it's pretty much impossible.

  Now please believe us, and stop trying to do the impossible.  It's impossible.

  Alan DeKok.

More information about the Freeradius-Users mailing list