EAP-TTLS and PAP inner tunnel authentication
Hi,
From a suggestion on the mailing list I plan on using EAP-TTLS and PAP inner tunnel authentication.
The reason I'm going this route is because I want to authenticate against linux user accounts and the password is encrypted in /etc/shadow so the ms-chap route is no good since it can't work with encrypted passwords. How do I configure free radius to work with EAP-TTLS and PAP inner tunnel authentication, I wasn't able to find much on the net. I'm quite a fast learner however. Are there any sample config files for what I'm after? Setting up the clients seems easy from here. http://vuksan.com/linux/dot1x/wpa-client-config.html Sura
FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on July 29, 2005 at 01:40 -0800 wrote:
From a suggestion on the mailing list I plan on using EAP-TTLS and PAP inner tunnel authentication.
The reason I'm going this route is because I want to authenticate against linux user accounts and the password is encrypted in /etc/shadow so the ms-chap route is no good since it can't work with encrypted passwords.
How do I configure free radius to work with EAP-TTLS and PAP inner tunnel authentication, I wasn't able to find much on the net. I'm quite a fast learner however.
Hi Sura, Just follow the config file comments for enabling TTLS and make it the default EAP type. Just make sure you follow the instructions here: http://rbirri.9online.fr/howto/Freeradius_+_TTLS.html for making your "random" and "dh" files -- I haven't seen this documented officially, however I have seen other instructions that *broke* our certificate use. -kb -- Kris Benson, CCP, I.S.P. Technical Analyst, District Projects School District #57 (Prince George)
participants (2)
-
Kris Benson -
lists.mailing@surasoft.com