eap.ini File
The eap.ini configuration file controls the sequence in which EAP authentication types are tried when authenticating users by means of the different Steel-Belted Radius Carrier authentication methods.
Use the Web GUI to maintain settings in the eap.ini file. Do not edit the eap.ini file manually.
Each authentication method that you want EAP authentication to be performed against must be configured within this eap.ini file.
This file must contain one section for each authentication method that you use, and the title of the section must identify the authentication method:
|
|
[Native-User] EAP-Only = 0 First-Handle-Via-Auto-EAP = 0 EAP-Type = TTLS, MD5-Challenge Available-EAP-Types=MD5-Challenge,MS-CHAP-V2,TLS Available-EAP-Only-Values=0,1 Available-Auto-EAP-Values=1
Steel-Belted Radius Carrier is configured with an eap.ini file that works for most environments.
Table 110 lists the parameters in each section.
Table 110: eap.ini Syntax
Parameter | Function |
---|---|
EAP-Only |
For authentication methods expected to handle EAP-TTLS inner authentications, this parameter must be set to 0 or 1 depending on the type of credentials used in the inner authentication. Note: If you are using a third party authentication service with PEAP, set this value to 0. Since the PEAP plug-in converts the inner EAP credentials to PAP for security reasons, setting this value to 1 causes third party authentication processing to be skipped when using EAP, ultimately leading to the user being rejected. |
EAP-Type | A comma-separated list of the EAP protocols to support for this authentication method. The first protocol in the list is the primary protocol. Protocols that appear later in the list are used with this authentication method only if the client responds with an EAP NAK and specifies such a protocol or if another authentication method triggers the use of the protocol but cannot complete the request. Valid values include the following:
Leave the EAP-Type list empty to disable EAP for this authentication method. |
First-Handle-Via-Auto-EAP |
Default varies based on type of user. Refer to the comments in the eap.ini file for more information. |
Available-EAP-Types | A comma-separated list of the EAP protocols that can be selected when configuring the Steel-Belted Radius Carrier server by means of the Web GUI. Valid values include the following:
|
Available-EAP-Only-Values | Controls whether the Use EAP authentication only check box in the EAP Setup dialog (accessed through the Authentication Methods page in Web GUI) is enabled. Network administrators can use this parameter to control whether Web GUI users can select EAP authentication options.
Default varies based on type of user. Refer to the comments in the eap.ini file for more information. |
Available-Auto-EAP-Values | Controls whether the Handle via Auto-EAP First check box in the EAP Setup window (accessed through the Authentication Methods page in Web GUI) is enabled. Network administrators can use this parameter to control whether Web GUI users can select auto-EAP options.
Default varies based on type of user. Refer to the comments in the eap.ini file for more information. |