On Fri, May 27, 2011 at 10:28 PM, Phil Mayers <[email protected]> wrote: > On 27/05/11 16:16, Lubenski, Zeev [GCS] wrote: >> >> We do have a question >> >> Is there anything in configuration that allows to turn off authentication >> >> We are running EAP-TTLS and would like instead of sending challenge on >> Access send Access accept always. (No authentication in fact) > > No, can't be done. EAP is a challenge/response protocol, and you must send > the relevant challenges. > > In EAP-TTLS, you might be able to just force-accept the inner auth, because > that's usually just PAP (no challenge / response). You can't for example do > this in PEAP, because the inner protocol (MSCHAP) is also > challenge/response.
Phil, Zeev asked about EAP-TTLS, and you said "you might be able to just force-accept the inner auth, because that's usually just PAP (no challenge / response)". But before that you also said "No, can't be done. EAP is a challenge/response protocol". Are you perhaps thinking that Zeev wrote EAP-MSCHAP instead of EAP-TTLS? -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
