EAP-TTLS not working
Marlen Caemmerer
caemmerer at ash-berlin.eu
Fri Oct 28 12:58:38 CEST 2016
Hello,
On 2016-10-27 14:14, Alan DeKok wrote:
> Because MS-CHAPv2 doesn't supply a password.
>
> The simple answer is that you should give the password to FreeRADIUS, and let FreeRADIUS authenticate the user. You shouldn't write a Perl script to do the authentication.
What would you recommend to let FreeRadius authenticate the user? LDAP
or users file or something else?
>> The perl script is for a custom type of authentication only.
>
> It will only work for PAP authentication.
Actually I plan to poke around with EAP-TTLS and PAP first, and then see
how this goes.
> In short, EAP-TTLS and PEAP set up a TLS connection between the PC and the RADIUS server. Authentication normally requires a name, so that is the "outer" one. When the TLS session is set up, the *real* name and password are sent inside of the TLS connection. That is the "inner" identity.
Thanks :). So this means I configure the default virtual server to do
TTLS and the inner virtual server to do PAP?
Then if I do this with rlm_perl I would write
    Auth-Type PAP {
        perl
    }
in the inner-tunnel config.
In the default config I guess I'd have to put eap in the authenticate
section.
Is this correct?
With kind regards
Marlen Caemmerer
--
************************************************
Alice Salomon Hochschule
Computerzentrum
Marlen Caemmerer
Alice-Salomon-Platz 5
12627 Berlin
Email: caemmerer at ash-berlin.eu
************************************************