Simple EAP flow support!

Diameter K diametera at gmail.com
Thu Mar 8 18:31:22 CET 2007


Hi Mike/Josh,
          Thanks for your replies.  Please see my responses below.

On 3/8/07, Michael Griego <mgriego at utdallas.edu> wrote:
> Why exactly do you want to do this instead of using standardized EAP-
> TLS?
Ok I will check if i can use EAP-TLS.

>You'll have to write your own code upates to FreeRADIUS, and I
> know of *no* supplicants that will operate in this fashion.  Seems
> like a lot more trouble than using what's already there, especially
> when you get into situations like where the certificate won't fit
> into one EAPOL packet, which is constrained by the MTU.

Say if i use EAP-TLS then is the NAS supposed to store the certificate
of the supplicant.
I think the certificate must alway come from the supplicant. But then
if we have a problem with the MTU, then supplicant stored certificates
cannot be used with EAP-TLS.

> --Mike
>
>
> On Mar 7, 2007, at 12:53 PM, Diameter K wrote:
>
> > Hi All,
> >        I want to configure free-radius to handle a simple EAP
> > described below.
> >
> > 1. Radius receives a IDENTITY message. The IDENTITY message
> > contains a encrypted certificate.
> > 2. The server decrypts and validates the Certificate and send out a
> > EAP-Success or EAP-Failure.
> >
> > Is there any way i can configure freeradius to achieve this flow or
> > would i have to modify the code.  As i understand the standard
> > flows are much more complicated(with challenge), which i dont want.
> >
> >
> > Thanks & Regards,
> > Shiv
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> > users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list