can peap and ttls live together?

Sergio Belkin sebelk at gmail.com
Tue Apr 29 14:40:40 CEST 2008


Hi,

I had been using EAP-TTLS, but I've commented in an earlier post, I
have no luck with securew2 and Vista. So I am planning use a
"secondary password" for radius in clear-text. But I'd want to know if
TTLS and PEAP can live together, my current eap.conf is as follow:

eap {
                default_eap_type = ttls
                timer_expire     = 60
                ignore_unknown_eap_types = no
                cisco_accounting_username_bug = no
                md5 {
                }
                leap {
                }
                gtc {
                        auth_type = PAP
                }
                tls {
                        private_key_file =
/etc/pki/tls/certs/ips-spectrum-key.pem
                        certificate_file =
/etc/pki/tls/certs/ips-spectrum-crt.pem
                        CA_file = /etc/pki/tls/certs/ips-ca-bundle.crt
                        dh_file = ${raddbdir}/certs/dh
                        random_file = ${raddbdir}/certs/random
                        cipher_list = "DEFAULT"
                }
                ttls {
                        default_eap_type = md5
                        copy_request_to_tunnel = no
                        use_tunneled_reply = yes
                }
                peap {
                        default_eap_type = mschapv2
                        copy_request_to_tunnel = no
                        use_tunneled_reply = no
                }
                mschapv2 {
                }
        }


-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -



More information about the Freeradius-Users mailing list