Re: Freeradius, EAP-TTLS and eDirectory



Mariano Morano wrote:
Thanks Jóhann !!
Could you send me the documentation from where you cut it? Thanks again

>>> "Jóhann B. Guðmundsson" <johannbg@hi.is> 11/28/2006 11:22 AM >>>
Mariano Morano wrote:
> Hi all,
> We are working on an RFP and one of the customer's requirements is that we must support EAP-TTLS with Freeradius integrated with eDirectory as back-end.
>
> We were reading the Novell documentation and at the Novell page, there appears "How to integrate Novell® eDirectory™ 8.7.1 or later with FreeRADIUS 1.0.2 onwards to allow wireless authentication for eDirectory users." and it does not mention EAP-TTLS (only EAP-TLS)
>
>
> So, some questions:
> 1) First, can we use Freeradius with EAP-TTLS and eDirectory as back end?
> 2) If we can, what version of freeradius should we use?
> 3) Can someone send us information about how to do that?
>
> I would appreciate any help ASAP
>
> Thanks in advance.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Follow Novell's latest document about Integrate Novell® eDirectory™ with FreeRADIUS

Then just make sure that these lines are present and uncommented in radius.conf

# radius.conf (on a fresh install these lines are present and uncommented in radius.conf)

$INCLUDE ${confdir}/eap.conf

authorize {
        eap
}

authenticate {
        eap
}

post-proxy {
        eap
}

then change eap.conf to look something like this....

eap {
        default_eap_type = tls
        timer_expire     = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no

        md5 {
        }

        leap {
        }

        gtc {
                #challenge = "Password: "
                auth_type = PAP
        }

        tls {
                private_key_password = example-password
                private_key_file = ${raddbdir}/certs/cert-srv.pem
                certificate_file = ${raddbdir}/certs/cert-srv.pem
                CA_file = ${raddbdir}/certs/root.pem
                dh_file = ${raddbdir}/certs/dh
                random_file = ${raddbdir}/certs/random
                fragment_size = 1024
                include_length = yes
        }

        ttls {
                # default_eap_type = md5 # you may have to uncomment either one of these, depending on your configuration...
                #default eap_type = pap #
                copy_request_to_tunnel = no
                use_tunneled_reply = no
        }

        # peap {
        #       default_eap_type = mschapv2
        #       copy_request_to_tunnel = no
        #       use_tunneled_reply = no
        #       proxy_tunneled_request_as_eap = yes
        # }

        mschapv2 {
        }
}

Create the certificates....

Configure proxy.conf and client.conf and user.conf to suit your needs
and you're ready to go

Best Regards
            Johann B.


------------------------------------------------------------------------

You will get the documentation (read the comments in eap.conf and radius.conf) when you install freeradius. eap.conf is just the default eap.conf with the comments stripped out of it and changes to

default_eap_type = md5 --> default_eap_type = tls (which I think the Novell document tells you to do, haven't read it) and I added #default eap_type = pap since I didn't know how your passwords were encrypted (pap supports clear-text, NT-hash, MD5-hash, Salted-MD5-hash, SSHA1-hash, Salted-SSHA1-hash, Unix-Crypt)

Best regards
                      Johann B.
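
Added example (not part of the thread and not FreeRADIUS code): the reply above lists the stored-password formats a PAP check can be run against. With PAP inside the TTLS tunnel the server receives the clear-text password, so it can recompute whichever digest the directory holds. The sketch assumes LDAP-style {SCHEME} headers and covers only clear-text, MD5, salted MD5, SHA1 and salted SHA1; all function names are hypothetical.

```python
import base64
import hashlib
import hmac

# Digest name and digest length for each LDAP-style {SCHEME} header handled here.
SCHEMES = {
    "MD5": ("md5", 16), "SMD5": ("md5", 16),
    "SHA": ("sha1", 20), "SSHA": ("sha1", 20),
}

def split_header(stored):
    """Return (SCHEME, body); values without a {SCHEME} prefix are clear-text."""
    if stored.startswith("{") and "}" in stored:
        scheme, body = stored[1:].split("}", 1)
        return scheme.upper(), body
    return "CLEARTEXT", stored

def pap_check(stored, candidate):
    """True if the PAP password `candidate` matches the stored directory value."""
    scheme, body = split_header(stored)
    pw = candidate.encode()
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(body.encode(), pw)
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo, dlen = SCHEMES[scheme]
    raw = base64.b64decode(body)
    digest, salt = raw[:dlen], raw[dlen:]   # salt is empty for unsalted schemes
    if len(digest) != dlen or (scheme in ("MD5", "SHA") and salt):
        return False                         # truncated or malformed value
    # Salted schemes hash password || salt and store digest || salt.
    return hmac.compare_digest(hashlib.new(algo, pw + salt).digest(), digest)

def make_ssha(password, salt):
    """Build a constructed {SSHA} value for the demo below."""
    d = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(d + salt).decode()

if __name__ == "__main__":
    # Constructed sample entries, not taken from any real directory.
    samples = {
        "alice": (make_ssha("correct horse", b"\x01\x02\x03\x04"), "correct horse"),
        "carol": ("plain-secret", "wrong-guess"),
    }
    for user, (stored, attempt) in samples.items():
        print(user, split_header(stored)[0], pap_check(stored, attempt))
```

The same comparison is not possible for inner methods that never send the password itself, which is why the stored format decides which inner type can be used.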




