EAP-TTLS w/ files - cert and username issues]
jck-freeradius at southwestern.edu
jck-freeradius at southwestern.edu
Thu Jul 7 21:42:57 CEST 2005
On Thu, Jul 07, 2005 at 01:33:31PM -0400, Alan DeKok wrote:
> jck-freeradius at southwestern.edu wrote:
> > I am experiencing several barriers in getting the FreeRadius 1.0.2
> > port to work, in FreeBSD 5.4-RELEASE. The supplicant is XP SP2,
> > requesting through a Cisco 1100 AP NAS.
>
> SP2 ha sknown interoperability problems with RADIUS servers. See
> Microsoft's web site for a hot fix.
This hotfix is to correct PEAP the Type:Length:Value format. I am doing
EAP-TTLS, not PEAP. This raise another question:
My Authentication type is: TTLS
What should my Authentication Protocol be?
I have the choices of MS-CHAP-V2, MD5 or PAP. I am unsure which one
is the optimal choice. I am thinking either MS-CHAP-V2 or MD5.
Depending on which protocol I select, default_eap_type line
in eap.conf need to reflect the protocol (I want to do EAP-TTLS)?
>
> > When I can get everything working with the built-in XP 802.1x
> > authentcation client, I would like to enable multiple VLAN support into my
> > radius config.
>
> Sure. Just send back tunnel attributes.
Thanks. I will look into this when I have these other situations
handled.
>
> > Why am I seeing \\username, instead of just username?
>
> Because that's what the client is sending.
Sure, understood.
How do I prevent the \\ from happening?
I noticed the prefixing of my username with \\ as soon as the supplicant
(windows XP) began requesting a "Roaming Identity." I have no idea
what this dialog means, and I would like to know how to prevent
it from coming up (it seems to be releated to selecting TTLS as
my Authentication type).
>
> > Is there a way to disable the validation of a CA in the built-in
> > XP supplicant 802.1x authentication dialog?
>
> Yes. Uncheck "validate server sertificate".
>
> Alan DeKok.
Thank you for your assistance!
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--johnk
----- End forwarded message -----
--
More information about the Freeradius-Users
mailing list