[RADIATOR] AuthBy File and EAPAnonymous

craigsimons at sfu.ca
Fri May 21 16:49:14 CDT 2010


Just a quick question regarding handling tunnelled protocol outer requests. I've been using the file AuthBy below to handle incoming PEAP/TTLS requests. I originally set it up to check a file with the username "anonymous". However, while testing I commented out the Filename attribute and forgot about it. Now, upon re-examining the config, I'm trying to understand why it still works even though it's not checking any file. Is this because of the EAPAnonymous %0 attribute? If this is the case, is it reasonable to assume that this handler will work even if the user specifies something other than "anonymous"?

<AuthBy FILE>
	#Say my name!
	Identifier AuthByDot1xAnonymous
	
	#No default user exists
	NoDefault
  
	#File name
	#Filename %D/dot1x_anon.conf
	
	# EAP Types accepted
	EAPType TTLS, PEAP
	
	# Overwrite the outer tunnel userid with the inner tunnel userid
	EAPAnonymous %0
	
	# EAP Config
	EAPTLS_CAFile %D\cacert.pem
	EAPTLS_CertificateFile %D\cert.pem
	EAPTLS_CertificateType PEM
	EAPTLS_PrivateKeyFile %D\key.pem
	EAPTLS_MaxFragmentSize 1000
	AutoMPPEKeys
	EAPTLS_PEAPVersion 0
	EAPTLS_PEAPBrokenV1Label
	EAPTTLS_NoAckRequired

</AuthBy>


Regards, 
 Craig

Craig Simons 
Network Services 
Simon Fraser University 



