Freeradius, EAP-TTLS and eDirectory

"Jóhann B. Guðmundsson" johannbg at hi.is
Wed Nov 29 08:09:11 CET 2006


Mariano Morano wrote:
> Thanks Jóhann !!
>  
> Could you send me the documentation from where you cut it?
>  
> Thanks again
>
> >>> "Jóhann B. Guðmundsson" <johannbg at hi.is> 11/28/2006 11:22 AM >>>
> Mariano Morano wrote:
> > Hi all,
> >  We are working on an RFP and one of the customer's requirements is
> > that we must support EAP-TTLS with Freeradius integrated with
> > eDirectory as back-end.
> >
> > We were reading the Novell documentation, and on the Novell page
> > there appears "How to integrate Novell® eDirectory™ 8.7.1 or later
> > with FreeRADIUS 1.0.2 onwards to allow wireless authentication for
> > eDirectory users." and it does not mention EAP-TTLS (only EAP-TLS).
> >
> >
> > So, some questions:
> >
> > 1) First, can we use Freeradius with EAP-TTLS and eDirectory as back
> > end?
> > 2) If we can, what version of Freeradius should we use?
> > 3) Can someone send us information about how to do that?
> >
> > I would appreciate any help ASAP
> >
> > Thanks in advance.
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> Follow Novell's latest document about integrating Novell® eDirectory™
> with FreeRADIUS
>
> Then just make sure that these lines are present and uncommented in 
> radius.conf
>
> # radius.conf (Fresh install these lines are present and uncommented in radius.conf)
>
> $INCLUDE ${confdir}/eap.conf
>
> authorize {
>         eap
> }
>
> authenticate {
>         eap
> }
>
> post-proxy {
>         eap
> }
>
> then change eap.conf to look something like this....       
>
> eap {
>         default_eap_type = tls
>         timer_expire     = 60
>         ignore_unknown_eap_types = no
>         cisco_accounting_username_bug = no
>
>         md5 {
>         }
>
>         leap {
>         }
>
>         gtc {
>                 #challenge = "Password: "
>                 auth_type = PAP
>         }
>
>         tls {
>                 private_key_password = example-password
>                 private_key_file = ${raddbdir}/certs/cert-srv.pem
>                 certificate_file = ${raddbdir}/certs/cert-srv.pem
>                 CA_file = ${raddbdir}/certs/root.pem
>                 dh_file = ${raddbdir}/certs/dh
>                 random_file = ${raddbdir}/certs/random
>                 fragment_size = 1024
>                 include_length = yes
>         }
>
>         ttls {
>                 # You may have to uncomment either one of these, depending on your configuration...
>                 #default_eap_type = md5
>                 #default_eap_type = pap
>                 copy_request_to_tunnel = no
>                 use_tunneled_reply = no
>         }
>
>         #peap {
>         #       default_eap_type = mschapv2
>         #       copy_request_to_tunnel = no
>         #       use_tunneled_reply = no
>         #       proxy_tunneled_request_as_eap = yes
>         #}
>
>         mschapv2 {
>         }
> }
>
> Create the certificates....
>
> Configure proxy.conf and client.conf and user.conf to suit your needs
> and you're ready to go
>
> Best Regards
>             Johann B.
>
>
You will get the documentation (read the comments in eap.conf and
radius.conf) when you install freeradius.
eap.conf is just the default eap.conf with the comments stripped out of it
and changes to

default_eap_type = md5 -->  default_eap_type = tls (which I think the
Novell document tells you to do; I haven't read it)
and I added #default_eap_type = pap since I didn't know how your passwords
were encrypted (pap supports clear-text, NT-hash, MD5-hash, Salted-MD5-hash,
SSHA1-hash, Salted-SSHA1-hash, Unix-Crypt)

Best regards
                       Johann B.
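
The reply above suggests PAP as the inner TTLS method when the stored password format is unknown, because PAP delivers the clear-text password to the server, which can then check it against several hash types. The sketch below is an added example, not part of the original message and not FreeRADIUS code: it assumes RFC 2307-style `{SCHEME}base64` stored values, uses hypothetical function names, and leaves out NT-hash and Unix-Crypt.

```python
import base64
import hashlib
import hmac

# scheme -> (hash algorithm, digest length in bytes, salted?)
_SCHEMES = {
    "MD5": ("md5", 16, False),
    "SMD5": ("md5", 16, True),
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
}

def make_hash(scheme, password, salt=b""):
    """Build a '{SCHEME}base64' value; used here only to construct sample data."""
    algo, _, salted = _SCHEMES[scheme]
    salt = salt if salted else b""
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def pap_verify(cleartext, stored):
    """Check the password PAP carried inside the TTLS tunnel against the stored value."""
    if not stored.startswith("{"):
        # Assumption: no scheme header means the directory holds clear-text.
        return hmac.compare_digest(cleartext.encode(), stored.encode())
    scheme, _, b64 = stored[1:].partition("}")
    if scheme.upper() not in _SCHEMES:
        return False  # unknown scheme: reject rather than guess
    algo, dlen, salted = _SCHEMES[scheme.upper()]
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or bool(salt) != salted:
        return False  # truncated digest, or salt present/absent against the scheme
    expected = hashlib.new(algo, cleartext.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)

def eap_md5_possible(stored):
    """An EAP-MD5 response is MD5(id + password + challenge), so the server
    needs the clear-text password; a one-way hash of it is not enough."""
    return not stored.startswith("{")
```

This is why an inner challenge-response method such as EAP-MD5 only works when the back end can return the clear-text password, while PAP inside the tunnel works with any of the hashed forms.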



