Wifi-Enabled Phones + FreeRadius

Fajar A. Nugraha fajar at fajar.net
Thu Aug 26 10:12:20 CEST 2010


On Thu, Aug 26, 2010 at 2:53 PM, rrperez <rrperez at apc.edu.ph> wrote:
>
> Thanks for the response Alan,
>
>>if using eg EAP-TTLS/PAP then you would have issues - some phones wont do
> that method natively
>
> yes i do use EAP-TTLS/PAP, so does that mean that configurations should done
> on the mobile devices and not on the server?

Are you still authenticating against Lotus Domino LDAP?

Basically to get an authentication method to work, the device needs to
be configured to use it, and the server needs to support it. So you
need to have a method that's supported by both device and server. It's
easy enough to configure the server to support multiple methods, but
if you're still authenticating against Lotus Domino LDAP, you might
want to enable only TTLS-PAP and PEAP-GTC.

For example, iphone (from Apple's docs) supports EAP-TLS, EAP-TTLS,
EAP-FAST, EAP-SIM, PEAPv0, PEAPv1, and LEAP.  I've tried it with
PEAP-GTC, and it works, so you might want to try EAP-TTLS/PAP and see
how it goes. If it doesn't, they try other methods.

-- 
Fajar



More information about the Freeradius-Users mailing list