Change PEAP user-name and user-password

Alan Buxey alan.buxey at gmail.com
Thu Jun 14 00:21:00 CEST 2018


Hi

So use auth to be disabled and only device auth? How many the device auth
happening? If via EAP-TLS etc this is possible. If via just MAC but started
with eap no unless via policy where you still need the EAP to pass....

alan

On Wed, 13 Jun 2018, 23:59 Seth Lampman, <sethklampman at gmail.com> wrote:

> I am trying to figure out if what i want to do is possible.  I work for a
> VPN vendor. We support device auth as well as user auth. User auth is
> always required no matter what.  I have a customer that wants device auth
> only using eap-tls.  No issues this works fine.  They want to disable user
> auth and user only device certificate auth which we do not support.  I want
> to bascially be able to accept all user auth requests presented to the
> radius server which would in effect give them what they want.
>
> I know that with eap\mschapv2 (we dont support lesser protocols) you cannot
> have auto accept all requests due to mutual auth required.  My thought was
> to create a default user in freeradius and then update user-name and
> user-password to the deafult user.  So joe tries to authenticate and unlang
> rewrites joe to default user. And rewrites joes password to default user
> password. Auth succeeds.
>
> Ive researched the forums and i think i need to do this on the outer tunnel
> as well as the inner tunnel? I cant find anything that is clear on that.
>
> If someone could point me in the right direction and let me know if i am on
> the right track?
>
> Thanks
>
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list