On 12/07/2011 08:37 AM, Michel Bulgado wrote:
On Wednesday 07 December 2011 01:26:08 Fajar A. Nugraha wrote:
On Wed, Dec 7, 2011 at 1:15 PM,<michel@casa.co.cu> wrote:
google search and it turns out all the variations I have encountered are implementing freeradius with PEAP TLS and mysql which should generate certificates and then configure the client and in turn install these certificates to the exchange between the server and client.
I was wondering, there is some other simpler way that does not imply that this set up or install certificates on the client side? PEAP-TTLS, PEAP-MSCHAPv2, PEAP-GTC, etc.
On these setup there's only one certificate: the server. Depending on your OS/supplicant, the client can be set up to ignore the certificate validation, or to have a pop up asking whether they trust the server certicate.
Note that the CLIENT choose which authentication method to use. Setup on NAS (i.e. access point) side is the same.
Well, I have several clients with different operating systems: Windows, Linux, Apple.
Something as simple as putting the username and password. Once you get pass certificate trust issue, it's a matter of putting username and password.
Hi Fajar
Thanks for reply me.
If PEAP-TTLS, PEAP-MSCHAPv2, PEAP-GTC works with one certificate on the side of the server, of the three methods what you recomend me to use in the server?
Did you have a manual, doc, i can use to setting up the authentication with freeradius with PEAP-TTLS or PEAP-MSCHAPv2 or PEAP-GTC and mysql?
Michel
At last! Finally after much struggle, I configure freeradius with mysql to authenticate wireless users. EAP-TTLS But another problem arises for me: After the user to authenticate and connect to wireless, I noticed that the table "RadAcct" was empty, probing the inner-tunnel file found this: There are no accounting Requests inside of EAP-TTLS or PEAP tunnels. What other variants, I can choose to run the accounting? Ideas?