EAP-TTLS and PAP inner tunnel authentication

Kris Benson kbenson at sd57.bc.ca
Fri Jul 29 17:05:51 CEST 2005

FreeRadius users mailing list <freeradius-users at lists.freeradius.org> on
July 29, 2005 at 01:40 -0800 wrote:
>>From a suggestion on the mailing list I plan on using EAP-TTLS and PAP
>tunnel authentication.
>The reason I'm going this route is because I want to authenticate against
>user accounts and the password is encrypted in /etc/shadow so the ms-chap
>is no good since it can't work with encrypted passwords.
>How do I configure free radius to work with EAP-TTLS and PAP inner tunnel
>authentication, I wasn't able to find much on the net. I'm quite a fast

Hi Sura,

Just follow the config file comments for enabling TTLS and make it the
default EAP type.  

Just make sure you follow the instructions here:
http://rbirri.9online.fr/howto/Freeradius_+_TTLS.html for making your
"random" and "dh" files -- I haven't seen this documented officially,
however I have seen other instructions that *broke* our certificate use.

Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)

More information about the Freeradius-Users mailing list