howto EAP-TLS on freeradius 2.0.2-3 ??

Mon May 19 00:37:23 CEST 2008

>Ok, we assume my certificates are corrects.
>
>So i have some more questions:
>
>
>- Certificate should be import for user accounts or for computer account ?

Who/what ever is you supplicant trying to authenticate. If the supplicant
can't find the correct certificate it will give up.

>
>- i use the file "users" as database for my accounts; when using eap-tls
>when trying eap-peap my accounts looks like that:
>
>>> johndoe     Auth-Type: = EAP, User-Password == Ă˘ďż˝ďż˝test1234"
>>>                      Tunnel-Type = 13,
>>>                      Tunnel-Medium-Type = 6,
>
>or 
>>> johndoe       User-Password == Ă˘ďż˝ďż˝test1234"
>>>                      Tunnel-Type = 13,
>>>                      Tunnel-Medium-Type = 6,

No, don't use Auth-Type. Use Cleartext-Password or NT-Password (names
clearly suugest are they encrypted and how) with mschap.

>
>
>- when i use eap-tls, it looks like that:
>
>>> johndoe 
>>>          Tunnel-Type = 13,
>>>          Tunnel-Medium-Type = 6,
>-----
>
>and sometimes, i add add the assignment of Vlan by using the attribute '
Tunnel-Private-Group-ID = 100" -vlan 100 is affected to the ssid i am
interested in-
>
>is it correct?

It will work, but it's more common to use "human" values (VLAN and
IEEE-802).

Ivan Kalik
Kalik Informatika ISP