PEAP/EAP-TLS with client and server certificate

Marcelo Augusto Rodrigues Pimentel marcelo.pimentel at cgu.gov.br
Mon Apr 23 22:10:44 CEST 2007


Hi,

I'm trying to configure freeradius with PEAP + EAP-TLS, but I'm getting confused about how to configure radiusd.conf (authorize and authentication sections) and eap.conf.

Has anyone implemented this configuration?

In the eap.conf file, is the default EAP type TLS or PEAP?

What do I have to configure in the authorize and authentication sections?

I've attached my conf files below.

Best Regards ...


FreeRADIUS Version 1.0.1

 

eap.conf

eap {
    default_eap_type = tls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no

    # Supported EAP-types
    # EAP-TLS
    tls {
        private_key_password = xxxxxxxxxxx
        private_key_file = ${raddbdir}/certs/freeradius_key.pem
        certificate_file = ${raddbdir}/certs/freeradius_cert.pem
        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
        fragment_size = 1024

        include_length = yes
    }

    peap {
        default_eap_type = tls
    }

    #tls {
    #private_key_password = xxxxxxxxxx
    #private_key_file = ${raddbdir}/certs/freeradius_key.pem
    #certificate_file = ${raddbdir}/certs/freeradius_cert.pem
    #CA_file = ${raddbdir}/certs/demoCA/cacert.pem
    #dh_file = ${raddbdir}/certs/dh
    #random_file = ${raddbdir}/certs/random
    #fragment_size = 1024
    #include_length = yes
    #}

    #mschapv2 {
    #}
}

radiusd.conf (only authorize and authentication sections)

...

# Instantiation

instantiate {
}

#
authorize {
    preprocess
    files
    mschap
    eap
}

# Authentication.
authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}

...