Force the client to use one specific EAP method
Matthew Newton
mcn4 at leicester.ac.uk
Wed Apr 19 15:40:27 CEST 2017
On Wed, Apr 19, 2017 at 12:58:28PM +0000, LUCA wrote:
> The Access-Challenge packet contains an EAP Request in which it
> is specified the EAP method that the supplicant should use.
> So I was thinking that maybe I could edit the EAP Request with
> an EAP method of my choosing, using for instance scapy.
That's basically what the default eap method configuration does.
> Of course the client could still NAK it and reply with another EAP method.
It likely will, unless it is already configured to use the method
that the server suggested.
> By the way, which could be the exact reason for a client to NAK
> the suggested EAP method?
Because it doesn't want to use the method that the server
suggests.
> Shouldn't the supplicant support almost all the EAP methods
> suggested from the server?
No. It uses whatever has been configured on the client.
Sorry, but I'm done on this. You're not listening, so there's no
point repeating myself every time. There is no getting around the
fact that you are going to have to configure the client devices if
you want to set the EAP method that you want them to use.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list