Freeradius2 and OSX clients no TLS
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Sun Mar 6 20:22:18 CET 2011
Hi,
> > I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the
> > Macs are able to authenticate without Certs or any configuration on their
> > side!!
I'm guessing that MD5 isnt a valid 'ready ticked' EAP type by default. you
would probably be okay putting eg default_eap_type=peap too
I'd also agree with James too - you really dont want to just allow a dumb
'click and go' configuration to be valid on a client - otherwise a malicious
person could spoof your SSID and your RADIUS server and then clients could
try authenticating against the bad RADIUS server with no warnings for
the user. if using TTLS/PAP that could be very bad
alan
More information about the Freeradius-Users
mailing list