[RADIATOR] AuthBy File and EAPAnonymous
craigsimons at sfu.ca
Fri May 21 16:49:14 CDT 2010
Just a quick question regarding handling tunnelled protocol outer requests. I've been using the file AuthBy below to handle incoming PEAP/TTLS requests. I originally set it up to check a file with the username "anonymous". However, while testing I commented out the Filename attribute and forgot about it. Now, upon re-examining the config, I'm trying to understand why it still works even though it's not checking any file. Is this because of the EAPAnonymous %0 attribute? If this is the case, is it reasonable to assume that this handler will work even if the user specifies something other than "anonymous"?
<AuthBy FILE>
#Say my name!
Identifier AuthByDot1xAnonymous
#No default user exists
NoDefault
#File name
#Filename %D/dot1x_anon.conf
# EAP Types accepted
EAPType TTLS, PEAP
# Overwrite the outer tunnel userid with the inner tunnel userid
EAPAnonymous %0
# EAP Config
EAPTLS_CAFile %D\cacert.pem
EAPTLS_CertificateFile %D\cert.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D\key.pem
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
EAPTLS_PEAPVersion 0
EAPTLS_PEAPBrokenV1Label
EAPTTLS_NoAckRequired
</AuthBy>
Regards,
Craig
Craig Simons
Network Services
Simon Fraser University