Hi Thanks for the quck reply.
Hi,
We tend to use a anonymous@realm identity for the EAP outer ID, in our current radius server this is defined in a users file and has the format of anonymous Encrypted-Password=nevermatch is there a similar thing in freeradius and where should this be defined ?
IIRC, this is just so that the user 'anonymous' is never treated as a real user so no real challenges regarding this ID are sent to the LDAP or SQL backend?
We've never had to define an 'anonymous' username anywhere in FreeRADIUS config for this to not be a problem....basically, if you have anonymous@realm then FreeRADIUS suffic/realm/prefix code will note the realm part and proxy it through..and its its EAP it'll be proxied to the inner-tunnel (from then on the InnerID is what matters!)
Thanks I will try and configure this.
In the eap.conf file under the ttls section it asks for " default_eap_type = tls" if I am using a pap password for the inner that comes from a ldap server should I comment this section out ? Or will the server ignore it ?
thats the default EAP type and hence the one that is initially challenged... if you want to optimize things then set it to you most commonly used method....we have it as 'peap' here but you'll be EAP-TTLS/PAP'ing? so that'd be 'ttls'
I thought it should be ttls but I found this to be a little confusing "The tunneled EAP session needs a default # EAP type which is separate from the one for # the non-tunneled EAP module. Inside of the # TTLS tunnel, we recommend using EAP-MD5. # If the request does not contain an EAP # conversation, then this configuration entry # is ignored. as I have eap { default_eap_type = ttls Thanks Colin
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ----------------------------------------------------------------------- Colin Byelong Email: C.Byelong@ucl.ac.uk Senior Network Development Officer Network Group Information Systems Division University College London Gower Street Phone: 020 7679-2572 London WC1E 6BT ------------------------------------------------------------------------