Developers guide
Chapter 17
Copyright © 2008-2013 Inverse inc.
Manual FreeRADIUS 2 configuration 96
authorize {
preprocess
eap {
ok = return
}
files
expiration
logintime
}
authenticate {
Auth-Type MS-CHAP {
mschap
}
eap
}
post-auth {
perl
}
In /usr/local/pf/raddb/users
Add the following lines where we define that non-EAP messages should, by default, lead to an
authentication acceptation.
DEFAULT EAP-Message !* "", Auth-Type := Accept
Comment or delete all other statements.
Optional: Wired or Wireless 802.1X
configuration
Generate cryptographic material for the EAP tunnel (802.1X) to work. Run as root:
cd /usr/local/pf/raddb/certs
make
In /usr/local/pf/conf/radiusd/eap.conf
Make sure this file looks like: