Allow EAP-TLS based authentications only
Hello all, I want to get my FR configuration to allow only EAP-TLS based authentications. Am I right in thinking that if I leave enabled only the EAP-TLS, the EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve what I want? In order words, essentially disable md5, leap, gtc, mschapv2 in the eap.conf. There should not be any need for me to touch the inner-tunnel or inner-eap, right? Thanks a lot, Panos
Panagiotis Georgopoulos wrote:
Am I right in thinking that if I leave enabled only the EAP-TLS, the EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve what I want? In order words, essentially disable md5, leap, gtc, mschapv2 in the eap.conf.
To allow only EAP-TLS, simply delete every *other* subsection from the eap configuration. You don't need TTLS, and you don't need PEAP.
There should not be any need for me to touch the inner-tunnel or inner-eap, right?
You do not need to touch inner-tunnel. I don't know what "inner-eap" is. Alan DeKok.
Panagiotis Georgopoulos wrote:
Am I right in thinking that if I leave enabled only the EAP-TLS, the EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve what I want? In order words, essentially disable md5, leap, gtc, mschapv2 in the eap.conf.
To allow only EAP-TLS, simply delete every *other* subsection from the eap configuration. You don't need TTLS, and you don't need PEAP.
Perhaps I wasn't very clear. I want to allow any TLS *based* authentications to occur, that is, any authentication that establishes a TLS tunnel and passes its credentials over it. If I am right, TTLS and PEAP belong to this category, thus I need them! So, if I configure only EAP-TLS, TTLS and PEAP in eap.conf, I should be ok, right? Cheers, Panos
Panagiotis Georgopoulos wrote:
Perhaps I wasn't very clear. I want to allow any TLS *based* authentications to occur, that is, any authentication that establishes a TLS tunnel and passes its credentials over it.
If I am right, TTLS and PEAP belong to this category, thus I need them! So, if I configure only EAP-TLS, TTLS and PEAP in eap.conf, I should be ok, right?
Yes. Alan DeKok.
participants (2)
-
Alan DeKok -
Panagiotis Georgopoulos