Time for action – disabling unused EAP methods

Our organization decided to support the two tunneled EAP methods (PEAP and EAP-TTLS). We will disable the other methods and set the default EAP method to be PEAP:

  1. Edit the eap.conf file located under the FreeRADIUS configuration directory. Disable the following methods by commenting them out completely: md5, leap, gtc, and mschapv2.
  2. Change the default_eap_type directive from:
    default_eap_type = md5

    to:

    default_eap_type = peap
  3. Restart FreeRADIUS in debug mode and check that the disabled EAP methods are no longer available. Here is the debug output from FreeRADIUS when we tried EAP-MD5. It confirms that EAP Type 4 (MD5) is no longer supported:
    +- entering group authenticate {...}
    [eap] Request found, ...
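
Steps 1 and 2 can also be checked offline before the restart. The following Python sketch is an added example, not code from the book or from FreeRADIUS: it reads the text of eap.conf and reports which method sub-sections are still active and what the outer default_eap_type is. The function name audit_eap_conf, the constant names and the sample configuration are hypothetical and constructed for illustration; the parser assumes one section opener or setting per line.

```python
import re

# Step 1's list of methods to comment out, and step 2's new default.
MUST_BE_DISABLED = {"md5", "leap", "gtc", "mschapv2"}
EXPECTED_DEFAULT = "peap"

def audit_eap_conf(text):
    """Return (default_eap_type, enabled_methods, findings) for the eap { } section."""
    depth, in_eap, default, enabled = 0, False, None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # commented-out lines vanish here
        if not line:
            continue
        section = re.match(r"([\w-]+)\s*\{", line)
        setting = re.match(r"default_eap_type\s*=\s*(\S+)", line)
        if section and depth == 0:
            in_eap = section.group(1) == "eap"
        elif section and depth == 1 and in_eap:
            enabled.append(section.group(1))     # an active method sub-section
        elif setting and depth == 1 and in_eap:
            default = setting.group(1)           # outer default, not the ttls/peap inner one
        depth += line.count("{") - line.count("}")
    findings = [f"{m} is still enabled" for m in enabled if m in MUST_BE_DISABLED]
    if default != EXPECTED_DEFAULT:
        findings.append(f"default_eap_type is {default}, expected {EXPECTED_DEFAULT}")
    if depth != 0:
        findings.append("unbalanced braces: a section is only partly commented out")
    return default, enabled, findings

# Constructed sample (not a real eap.conf): md5 is commented out, leap was missed.
SAMPLE = """
eap {
    default_eap_type = md5
#   md5 {
#   }
    leap {
    }
    tls {
        private_key_file = ${certdir}/server.pem
    }
    ttls {
        default_eap_type = md5
    }
    peap {
        default_eap_type = mschapv2
    }
}
"""

if __name__ == "__main__":
    print(audit_eap_conf(SAMPLE))
```

The "unbalanced braces" finding catches the case where only a section's opening line was commented, which is why step 1 says to comment the methods out completely.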
