<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>Thanks Jóhann !!</DIV>
<DIV> </DIV>
<DIV>Could you send me the documentation from were you cut it ?</DIV>
<DIV> </DIV>
<DIV>Thanks again<BR><BR>>>> "Jóhann B. Guðmundsson" <johannbg@hi.is> 11/28/2006 11:22 AM >>><BR>Mariano Morano wrote:<BR>> Hi all,<BR>> We are working in a RFP and one of the customer's requirement is that we must support EAP-TTLS with Freeradius integrated with eDirectory as back-end.<BR>><BR>> We were reading the Novell documentation and at the Novell page, there appears "How to integrate Novell® eDirectoryTM 8.7.1 or later with FreeRADIUS 1.0.2 on wards to allow wireless authentication for eDirectory users." and it not mntions EAP-TTLS (only EAP-TLS)<BR>><BR>><BR>> SO, Some questions:<BR>> <BR>> 1) First, can we use Freeradius with EAP-TTLS and eDirectory as back end ? <BR>> 2) if we can waht version of frereadius should we use ?<BR>> 3) Ca someone send us information about how do that?<BR>><BR>> I would appreciate any hel ASAP<BR>><BR>> Thanks in advance.<BR>><BR>> - <BR>> List info/subscribe/unsubscribe? See <A href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A><BR>Follow Novells latest document about Integrate Novell® eDirectoryTM with FreeRADIUS<BR><BR>Then just make sure that these lines are present and uncommented in radius.conf <BR><BR># radius.conf (Fresh install these lines are present and uncommented in radius.conf)<BR><BR>$INCLUDE ${confdir}/eap.conf<BR><BR>authorize {<BR> eap<BR> }<BR><BR>authenticate {<BR> eap<BR> }<BR><BR>post-proxy {<BR> eap<BR> }<BR><BR>then change eap.conf to look something like this.... <BR><BR>eap { <BR> default_eap_type = tls<BR> timer_expire = 60<BR> ignore_unknown_eap_types = no<BR> cisco_accounting_username_bug = no<BR><BR> md5 {<BR> }<BR><BR> leap {<BR> }<BR><BR> gtc {<BR> #challenge = "Password: "<BR> auth_type = PAP<BR> }<BR><BR> tls {<BR>private_key_password = example-password<BR>private_key_file = ${raddbdir}/certs/cert-srv.pem<BR>certificate_file = ${raddbdir}/certs/cert-srv.pem<BR>CA_file = ${raddbdir}/certs/root.pem<BR>dh_file = ${raddbdir}/certs/dh<BR>random_file = ${raddbdir}/certs/random<BR>fragment_size = 1024<BR>include_length = yes<BR>}<BR><BR> ttls {<BR> # default_eap_type = md5 # you may have to uncomment eithor one of these depends on your configuration...<BR>#default eap_type = pap # <BR> copy_request_to_tunnel = no<BR> use_tunneled_reply = no<BR> }<BR><BR><BR> # peap {<BR> # default_eap_type = mschapv2<BR> # copy_request_to_tunnel = no<BR> # use_tunneled_reply = no<BR> # proxy_tunneled_request_as_eap = yes <BR>#}<BR>mschapv2 {<BR> }<BR> }<BR><BR>Create the certificates....<BR><BR>configure proxy.conf and client.conf and user.conf to suit your needs <BR>and your ready to go <BR><BR>Best Regards<BR> Johann B.<BR><BR><BR>- <BR>List info/subscribe/unsubscribe? See <A href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A><BR></DIV></BODY></HTML>