EAP-TTLS w/ files - cert and username issues]

jck-freeradius at southwestern.edu jck-freeradius at southwestern.edu
Thu Jul 7 21:42:57 CEST 2005

On Thu, Jul 07, 2005 at 01:33:31PM -0400, Alan DeKok wrote:
> jck-freeradius at southwestern.edu wrote:
> > I am experiencing several barriers in getting the FreeRadius 1.0.2
> > port to work, in FreeBSD 5.4-RELEASE.  The supplicant is XP SP2,
> > requesting through a Cisco 1100 AP NAS.
>   SP2 ha sknown interoperability problems with RADIUS servers.  See
> Microsoft's web site for a hot fix.

This hotfix is to correct PEAP the Type:Length:Value format.  I am doing
EAP-TTLS, not PEAP.  This raise another question:

My Authentication type is: TTLS

	What should my Authentication Protocol be?

I have the choices of MS-CHAP-V2, MD5 or PAP.  I am unsure which one
is the optimal choice.  I am thinking either MS-CHAP-V2 or MD5.  

	Depending on which protocol I select, default_eap_type line
	in eap.conf need to reflect the protocol (I want to do EAP-TTLS)?

> > When I can get everything working with the built-in XP 802.1x
> > authentcation client, I would like to enable multiple VLAN support into my
> > radius config.  
>   Sure.  Just send back tunnel attributes.

Thanks.  I will look into this when I have these other situations

> > 	Why am I seeing \\username, instead of just username?
>   Because that's what the client is sending.

Sure, understood.  

	How do I prevent the \\ from happening? 

I noticed the prefixing of my username with \\ as soon as the supplicant
(windows XP) began requesting a "Roaming Identity."  I have no idea
what this dialog means, and I would like to know how to prevent
it from coming up (it seems to be releated to selecting TTLS as
my Authentication type).
> > 	Is there a way to disable the validation of a CA in the built-in
> > 	XP supplicant 802.1x authentication dialog? 
>   Yes.  Uncheck "validate server sertificate".
>   Alan DeKok.

Thank you for your assistance!

> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


----- End forwarded message -----


More information about the Freeradius-Users mailing list