Hi,
Okey, i've searched and searched for a hint, hopefully this isn't one of those RTFM messages, and hopefully I didn't read an invalid FM ;-)
I'm trying to "emulate" the edunet network wireless roaming network, which primarily uses (in this order):
EAP-TTLS PEAP EAP-MSCHAPv2
My Access point is a router running the DD-WRT firmware which AFAICT should work fine for 802.1x support.
I first started on this page: http://www.linuxinsight.com/building-debian-freeradius-package-with-eap-tls-... which provides instructions on rebuilding the debian freeradius 1.1.7 package with ttls/peap/etc..
I'm authenticating from our local NT domain since we already have it, and in theory, these particular auth choices all work fine with the ntdomain password - according to the "Deploying Radius: The Book" chart I found online.
With that, and a few configuration options (like making sure the host was connected to the domain and ntlm_auth functioned as required), i've managed to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
EAP-TTLS works fine with an account in the "users" file that has a clear text password, as well as a local /etc/password account. Ideally this should work with the ntdomain as well. I'm testing with a laptop running XP, with the secureW2 package installed to provide TTLS.
if you are using EAP-TTLS/PAP then you'll need a plain text password - this can be done via kerberos to the AD. otherwise EAP-TTLS/MSCHAPv2 should work just like PEAP i'd advise to get id of the DEFAULT Auth := System line from the users file alan