Re: EAP-TTLS w/ files - cert and username issues]
On Thu, Jul 07, 2005 at 01:33:31PM -0400, Alan DeKok wrote:
jck-freeradius@southwestern.edu wrote:
I am experiencing several barriers in getting the FreeRadius 1.0.2 port to work, in FreeBSD 5.4-RELEASE. The supplicant is XP SP2, requesting through a Cisco 1100 AP NAS.
SP2 ha sknown interoperability problems with RADIUS servers. See Microsoft's web site for a hot fix.
This hotfix is to correct PEAP the Type:Length:Value format. I am doing EAP-TTLS, not PEAP. This raise another question: My Authentication type is: TTLS What should my Authentication Protocol be? I have the choices of MS-CHAP-V2, MD5 or PAP. I am unsure which one is the optimal choice. I am thinking either MS-CHAP-V2 or MD5. Depending on which protocol I select, default_eap_type line in eap.conf need to reflect the protocol (I want to do EAP-TTLS)?
When I can get everything working with the built-in XP 802.1x authentcation client, I would like to enable multiple VLAN support into my radius config.
Sure. Just send back tunnel attributes.
Thanks. I will look into this when I have these other situations handled.
Why am I seeing \\username, instead of just username?
Because that's what the client is sending.
Sure, understood. How do I prevent the \\ from happening? I noticed the prefixing of my username with \\ as soon as the supplicant (windows XP) began requesting a "Roaming Identity." I have no idea what this dialog means, and I would like to know how to prevent it from coming up (it seems to be releated to selecting TTLS as my Authentication type).
Is there a way to disable the validation of a CA in the built-in XP supplicant 802.1x authentication dialog?
Yes. Uncheck "validate server sertificate".
Alan DeKok.
Thank you for your assistance!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--johnk ----- End forwarded message ----- --
jck-freeradius@southwestern.edu wrote:
My Authentication type is: TTLS
What should my Authentication Protocol be?
I have the choices of MS-CHAP-V2, MD5 or PAP. I am unsure which one is the optimal choice. I am thinking either MS-CHAP-V2 or MD5.
I would suggest PAP. It's the simplest, and most inter-operable.
How do I prevent the \\ from happening?
No idea, really. I don't use Windows much. Alan DeKok.
participants (2)
-
Alan DeKok -
jck-freeradiusï¼ southwestern.edu