Hi,
I´m trying to configure
freeradius with PEAP + EAP-TLS, but I´m making some confusion to configure the
radiusd.conf (sections authorize and authentication) and eap.conf.
Have someone implemented this configuration?
In the eap.conf file the default eap type
is TLS or PEAP?
What I´ve to configure in the authorize
and authentication sections?
I´ve attached my conf files below.
Best Regards …
FreeRADIUS Version
1.0.1
eap.conf
eap {
default_eap_type = tls
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
# Supported EAP-types
# EAP-TLS
tls {
private_key_password = xxxxxxxxxxx
private_key_file =
${raddbdir}/certs/freeradius_key.pem
certificate_file =
${raddbdir}/certs/freeradius_cert.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
include_length = yes
}
peap {
default_eap_type = tls
}
#tls {
#private_key_password = xxxxxxxxxx
#private_key_file =
${raddbdir}/certs/freeradius_key.pem
#certificate_file =
${raddbdir}/certs/freeradius_cert.pem
#CA_file = ${raddbdir}/certs/demoCA/cacert.pem
#dh_file = ${raddbdir}/certs/dh
#random_file = ${raddbdir}/certs/random
#fragment_size = 1024
#include_length = yes
#}
#mschapv2 {
#}
}
radiusd.conf
(only authorize and authentication sections)
.
.
.
# Instantiation
instantiate {
}
#
authorize {
preprocess
files
mschap
eap
}
# Authentication.
authenticate {
Auth-Type MS-CHAP {
mschap
}
eap
}
.
.
.