# EAP-TTLS w/ files - cert and username issues

Thu Jul 7 21:42:57 CEST 2005

On Thu, Jul 07, 2005 at 01:33:31PM -0400, Alan DeKok wrote:
> > I am experiencing several barriers in getting the FreeRadius 1.0.2
> > port to work, in FreeBSD 5.4-RELEASE.  The supplicant is XP SP2,
> > requesting through a Cisco 1100 AP NAS.
>   SP2 has known interoperability problems with RADIUS servers.  See
> Microsoft's web site for a hot fix.

This hotfix is to correct the PEAP Type:Length:Value format.  I am doing
EAP-TTLS, not PEAP.  This raises another question:

My Authentication type is: TTLS

What should my Authentication Protocol be?

I have the choices of MS-CHAP-V2, MD5 or PAP.  I am unsure which one
is the optimal choice.  I am thinking either MS-CHAP-V2 or MD5.

Depending on which protocol I select, default_eap_type line
in eap.conf needs to reflect the protocol (I want to do EAP-TTLS)?

> > When I can get everything working with the built-in XP 802.1x
> > authentication client, I would like to enable multiple VLAN support into my
>   Sure.  Just send back tunnel attributes.

Thanks.  I will look into this when I have these other situations
handled.

>   Because that's what the client is sending.

Sure, understood.

How do I prevent the \\ from happening?

I noticed the prefixing of my username with \\ as soon as the supplicant
(windows XP) began requesting a "Roaming Identity."  I have no idea
what this dialog means, and I would like to know how to prevent
it from coming up (it seems to be related to selecting TTLS as
my Authentication type).

> > 	Is there a way to disable the validation of a CA in the built-in
> > 	XP supplicant 802.1x authentication dialog?
>   Yes.  Uncheck "validate server certificate".
>   Alan DeKok.

