FR eap-ttls , winxp client configuration
Hi, i want to change my current setup (eap-tls) to eap-ttls so that i don't need the client certificates. I really not understanding how to use the options and if should i use them: copy_request_to_tunnel = no use_tunneled_reply = no Can somebody give some hints on configuring Win XP with SecureW2 in this scenario? thanks, B
Bruno Quintas <bruno.quintas@itconnect.pt> wrote:
I really not understanding how to use the options and if should i use them:
copy_request_to_tunnel = no use_tunneled_reply = no
These options are documented in the comments in eap.conf. Do you have specific questions about the documentation, or do you want it re-posted here?
Can somebody give some hints on configuring Win XP with SecureW2 in this scenario?
These options have nothing to do with configuring XP. See the various HOWTO's for that. Alan DEKok.
Thanks for your feedback Alan, i'll try to be clearer: What changes should i do in the server to change the current setup EAP-TLS to EAP-TTLS? Based on the documents eap.conf: default_eap_type = ttls in eap section comment tls and uncomment ttls? The purpose of using ttls is to eliminate the need for client certificates. I have read in several articles (which considered this to be the main advantage over eap-tls), but all the howtos i've seen - including secure2w ttls client assume the existence of client certificates. TIA BQ
Can somebody give some hints on configuring Win XP with SecureW2 in this scenario?
These options have nothing to do with configuring XP. See the various HOWTO's for that.
Alan DEKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Bruno Quintas <bruno.quintas@itconnect.pt> wrote:
What changes should i do in the server to change the current setup EAP-TLS to EAP-TTLS? Based on the documents eap.conf:
default_eap_type = ttls in eap section comment tls and uncomment ttls?
The howto's say that you need TLS to do TTLS. After that, setting "default_eap_type = ttls" helps, but it's not strictly necessary.
The purpose of using ttls is to eliminate the need for client certificates. I have read in several articles (which considered this to be the main advantage over eap-tls), but all the howtos i've seen - including secure2w ttls client assume the existence of client certificates.
TTLS can use client certificates, but it doesn't require them. Alan DeKok.
participants (2)
-
Alan DeKok -
Bruno Quintas