
eap.ini File

 

The eap.ini configuration file controls the sequence in which EAP authentication types are tried when authenticating users by means of the different Steel-Belted Radius Carrier authentication methods.

Note

Use the Web GUI to maintain settings in the eap.ini file. Do not edit the eap.ini file manually.

Every authentication method against which you want EAP authentication performed must be configured in the eap.ini file.

This file must contain one section for each authentication method that you use, and the title of the section must identify the authentication method:

  • Native User

  • LDAP

  • SQL

  • SQL-ORACLE

  • EAP-TLS

  • EAP-TTLS

  • EAP-PEAP

  • EAP-MD5-Challenge

  • EAP-MS-CHAP-V2

  • defaultMethods

Note

Steel-Belted Radius Carrier is configured with an eap.ini file that works for most environments.

Table 110 lists the parameters in each section.

Table 110: eap.ini Syntax

Parameter

Function

EAP-Only

  • If set to 0, the authentication method accepts all types of user credentials.

  • If set to 1, the authentication method is given only EAP credentials or acts only as a back-end server to an automatic EAP protocol method.

For authentication methods expected to handle EAP-TTLS inner authentications, this parameter must be set to 0 or 1 depending on the type of credentials used in the inner authentication.

Note: If you are using a third-party authentication service with PEAP, set this value to 0. Because the PEAP plug-in converts the inner EAP credentials to PAP for security reasons, setting this value to 1 causes third-party authentication processing to be skipped when using EAP, and the user is ultimately rejected.

EAP-Type

A comma-separated list of the EAP protocols to support for this authentication method. The first protocol in the list is the primary protocol. Protocols that appear later in the list are used with this authentication method only if the client responds with an EAP NAK and specifies such a protocol or if another authentication method triggers the use of the protocol but cannot complete the request.

Valid values include the following:

  • MD5-Challenge

  • TTLS

  • TLS

  • MS-CHAP-V2

Leave the EAP-Type list empty to disable EAP for this authentication method.

First-Handle-Via-Auto-EAP

  • If set to 1 and the user credentials are EAP, an appropriate automatic EAP helper method is called before the authentication method. The purpose of calling the automatic EAP helper method is to convert the user's EAP credentials into a format acceptable to the authentication method.

  • If set to 0, the authentication method itself handles the request directly, before any automatic helper methods.

Default varies based on type of user. Refer to the comments in the eap.ini file for more information.

Available-EAP-Types

A comma-separated list of the EAP protocols that can be selected when configuring the Steel-Belted Radius Carrier server by means of the Web GUI.

Valid values include the following:

  • TTLS

  • TLS

  • MS-CHAP-V2

  • MD5-Challenge

Available-EAP-Only-Values

Controls whether the Use EAP authentication only check box in the EAP Setup dialog (accessed through the Authentication Methods page in Web GUI) is enabled. Network administrators can use this parameter to control whether Web GUI users can select EAP authentication options.

  • If set to 0,1, users can enable or disable the Use EAP Authentication Only check box.

  • If set to 0, the Use EAP Authentication Only option is disabled and the check box is inactive.

  • If set to 1, the Use EAP Authentication Only option is enabled and the check box is inactive.

Default varies based on type of user. Refer to the comments in the eap.ini file for more information.

Available-Auto-EAP-Values

Controls whether the Handle via Auto-EAP First check box in the EAP Setup window (accessed through the Authentication Methods page in Web GUI) is enabled. Network administrators can use this parameter to control whether Web GUI users can select auto-EAP options.

  • If set to 0,1, users can enable or disable the Handle via Auto-EAP First check box.

  • If set to 0, the Handle via Auto-EAP First option is disabled and the check box is inactive.

  • If set to 1, the Handle via Auto-EAP First option is enabled and the check box is inactive.

Default varies based on type of user. Refer to the comments in the eap.ini file for more information.
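
The following read-only audit of an eap.ini body against the syntax in Table 110 is an added example, not code from the product or its vendor. It assumes standard INI syntax (`[Section]` headers, `Parameter = value` lines); the sample file is constructed, and comparing active settings against the Available-* parameters is an assumed consistency rule rather than documented server behavior.

```python
import configparser

# Section titles and parameter values as documented on this page.
SECTIONS = {"Native User", "LDAP", "SQL", "SQL-ORACLE", "EAP-TLS", "EAP-TTLS",
            "EAP-PEAP", "EAP-MD5-Challenge", "EAP-MS-CHAP-V2", "defaultMethods"}
EAP_TYPES = {"MD5-Challenge", "TTLS", "TLS", "MS-CHAP-V2"}
FLAG_PAIRS = (("EAP-Only", "Available-EAP-Only-Values"),
              ("First-Handle-Via-Auto-EAP", "Available-Auto-EAP-Values"))

def items(value):  # comma-separated value -> stripped, non-empty entries
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def audit_eap_ini(text):
    """Return (section, finding) tuples for the body of an eap.ini file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep parameter names exactly as written
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if name not in SECTIONS:
            findings.append((name, "unknown section title"))
        for t in items(sec.get("EAP-Type")):  # empty list means EAP disabled
            if t not in EAP_TYPES:
                findings.append((name, f"invalid EAP-Type {t}"))
            # Assumed consistency rule: active types should be GUI-selectable.
            elif "Available-EAP-Types" in sec and t not in items(sec["Available-EAP-Types"]):
                findings.append((name, f"EAP-Type {t} not in Available-EAP-Types"))
        for key, allowed in FLAG_PAIRS:
            if key not in sec:
                continue
            value = sec[key].strip()
            if value not in ("0", "1"):
                findings.append((name, f"{key} must be 0 or 1"))
            elif allowed in sec and value not in items(sec[allowed]):
                findings.append((name, f"{key}={value} not in {allowed}"))
    return findings

# Constructed sample, not a shipped eap.ini.
SAMPLE = """\
[Native User]
EAP-Only = 0
EAP-Type = TTLS, MS-CHAP-V2
[LDAP]
EAP-Only = 1
EAP-Type = MS-CHAP-V2
Available-EAP-Types = TTLS, TLS
Available-EAP-Only-Values = 0
"""
print(audit_eap_ini(SAMPLE))
```

Findings in the LDAP section of the sample show settings that fall outside what the Available-* parameters allow, which is the kind of drift a manual edit of the file would produce.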