Freeradius2 and OSX clients no TLS

Guy guy at
Mon Mar 7 22:01:58 CET 2011

Yes I understand and agree..

However in this environment I think we'll be ok.



On 6 Mar 2011, at 19:22, Alan Buxey wrote:

> Hi,
>>> I changed "default_eap_type=md5" to  "default_eap_type=ttls" and now the
>>> Macs are able to authenticate without Certs or any configuration on their
>>> side!!
> I'm guessing that MD5 isnt a valid 'ready ticked' EAP type by default.  you
> would probably be okay putting eg  default_eap_type=peap  too
> I'd also agree with James too - you really dont want to just allow a dumb
> 'click and go' configuration to be valid on a client - otherwise a malicious
> person could spoof your SSID and your RADIUS server and then clients could
> try authenticating against the bad RADIUS server with no warnings for
> the user. if using TTLS/PAP that could be very bad
> alan
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list