Mariano Morano wrote:
Thanks Jóhann !!
Could you send me the documentation from were you cut it ?
Thanks again
"Jóhann B. Guðmundsson" <johannbg@hi.is> 11/28/2006 11:22 AM >>> Mariano Morano wrote: Hi all, We are working in a RFP and one of the customer's requirement is that we must support EAP-TTLS with Freeradius integrated with eDirectory as back-end.
We were reading the Novell documentation and at the Novell page, there appears "How to integrate Novell® eDirectoryTM 8.7.1 or later with FreeRADIUS 1.0.2 on wards to allow wireless authentication for eDirectory users." and it not mntions EAP-TTLS (only EAP-TLS)
SO, Some questions:
1) First, can we use Freeradius with EAP-TTLS and eDirectory as back end ? 2) if we can waht version of frereadius should we use ? 3) Ca someone send us information about how do that?
I would appreciate any hel ASAP
Thanks in advance.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Follow Novells latest document about Integrate Novell® eDirectoryTM with FreeRADIUS
Then just make sure that these lines are present and uncommented in radius.conf
# radius.conf (Fresh install these lines are present and uncommented in radius.conf)
$INCLUDE ${confdir}/eap.conf
authorize { eap }
authenticate { eap }
post-proxy { eap }
then change eap.conf to look something like this....
eap { default_eap_type = tls timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no
md5 { }
leap { }
gtc { #challenge = "Password: " auth_type = PAP }
tls { private_key_password = example-password private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem CA_file = ${raddbdir}/certs/root.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes }
ttls { # default_eap_type = md5 # you may have to uncomment eithor one of these depends on your configuration... #default eap_type = pap # copy_request_to_tunnel = no use_tunneled_reply = no }
# peap { # default_eap_type = mschapv2 # copy_request_to_tunnel = no # use_tunneled_reply = no # proxy_tunneled_request_as_eap = yes #} mschapv2 { } }
Create the certificates....
configure proxy.conf and client.conf and user.conf to suit your needs and your ready to go
Best Regards Johann B.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html You will get the documentation ( Read the comments in eap.conf and radius.conf ) when you install freeradius. eap.conf is just default eap.conf with stripped comments out of it and changes to
default_eap_type = md5 --> default_eap_type = tls ( which I think novell document tells you to do, havent read it) and I added #default eap_type = pap since I didnt now how your password were encrypted ( pap supports clear-text NT-has MD5-hash Salted-MD5-hash SSHA1-hash Salted-SSHA1-hash Unix-Crypt) Best regards Johann B.