On 05/17/2012 06:15 AM, David Peterson wrote:
I have a couple of users who have unknown usernames and passwords. They are also using EAP-TTLS for authentication. Is there a way to automatically authenticate all of them and if so, can I also send the Framed-Filter-Id attribute with the authentication response as if the user were truly authorized.
If they are doing EAP-TTLS/PAP, yes - you can force "Auth-Type = Accept" in the inner tunnel, and send any reply attribute you like including Framed-Filter-Id.
For any other EAP type/combination, no. They're all challenge/response mechanisms that require successful completion of the cryptographic exchange, which requires shared secrets (passwords).
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
