Force the client to use one specific EAP method

Matthew Newton mcn4 at
Wed Apr 19 15:40:27 CEST 2017

On Wed, Apr 19, 2017 at 12:58:28PM +0000, LUCA wrote:
> The Access-Challenge packet contains an EAP Request in which it
> is specified the EAP method that the supplicant should use.
> So I was thinking that maybe I could edit the EAP Request with
> an EAP method of my choosing, using for instance scapy.

That's basically what the default eap method configuration does.

> Of course the client could still NAK it and reply with another EAP method.

It likely will, unless it is already configured to use the method
that the server suggested.

> By the way, which could be the exact reason for a client to NAK
> the suggested EAP method?

Because it doesn't want to use the method that the server

> Shouldn't the supplicant support almost all the EAP methods
> suggested from the server?

No. It uses whatever has been configured on the client.

Sorry, but I'm done on this. You're not listening, so there's no
point repeating myself every time. There is no getting around the
fact that you are going to have to configure the client devices if
you want to set the EAP method that you want them to use.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list