Ok,
does someone find normal that EAP-TLS authentication works and not EAP-PEAP?
- it is sure, it is not a question of certificate. Alan said someday that that NAS is broken. He might be true, but maybe i missed something in the configuration, but where?
- it reminds me a question and i don't know how to answer:
I called a SSID "TLS" where security is "WPA Enterprise". it expet users to be authenticated via FREERADIUS to be allowed on the network.
so i use a certificate, and the commonname of this certificate is "testuser01". authentication success cause certificate is valid, but i have no user called "testuser01" on user file, sql database, or AD.
so my first question is: doing EAP-TLS authentication, user is based_what? i mean, does user have to exist on a base like sql, ldap or a file, or just the certificate credentials are enough?
second: using RADIUS for authetication in a LAN means that 802.1x is used. That's what i read. Right now, i notice that 802.1x is off on all my NAS...![]()
i forgot to set it "ON".
so why does EAP-TLS Authentication runs OK... why that? (and EAP-PEAP still not ??)
- Yes, i know it's not school here but realize that it's not easy to surround alone. thank your for your explanation and your time!
does someone find normal that EAP-TLS authentication works and not EAP-PEAP?
- it is sure, it is not a question of certificate. Alan said someday that that NAS is broken. He might be true, but maybe i missed something in the configuration, but where?
- it reminds me a question and i don't know how to answer:
I called a SSID "TLS" where security is "WPA Enterprise". it expet users to be authenticated via FREERADIUS to be allowed on the network.
so i use a certificate, and the commonname of this certificate is "testuser01". authentication success cause certificate is valid, but i have no user called "testuser01" on user file, sql database, or AD.
so my first question is: doing EAP-TLS authentication, user is based_what? i mean, does user have to exist on a base like sql, ldap or a file, or just the certificate credentials are enough?
second: using RADIUS for authetication in a LAN means that 802.1x is used. That's what i read. Right now, i notice that 802.1x is off on all my NAS...
so why does EAP-TLS Authentication runs OK... why that? (and EAP-PEAP still not ??)
- Yes, i know it's not school here but realize that it's not easy to surround alone. thank your for your explanation and your time!
----- Message d'origine ----
De : Ivan Kalik <tnt@kalik.net>
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Envoyé le : Vendredi, 18 Juillet 2008, 20h00mn 31s
Objet : Re: Re : EAP-TLS OK - EAP-PEAP KO!! why that?
> Module: Instantiating eap-mschapv2
> mschapv2 {
> with_ntdomain_hack = no //i set "yes in /etc/raddb/module/mschap for this
> but still stay on "no"
> }
Because this is from eap.conf.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
De : Ivan Kalik <tnt@kalik.net>
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Envoyé le : Vendredi, 18 Juillet 2008, 20h00mn 31s
Objet : Re: Re : EAP-TLS OK - EAP-PEAP KO!! why that?
> Module: Instantiating eap-mschapv2
> mschapv2 {
> with_ntdomain_hack = no //i set "yes in /etc/raddb/module/mschap for this
> but still stay on "no"
> }
Because this is from eap.conf.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html