FR eap-ttls , winxp client configuration

Alan DeKok aland at ox.org
Wed Jun 15 20:43:52 CEST 2005


Bruno Quintas <bruno.quintas at itconnect.pt> wrote:
> What changes should i do in the server to change the current setup 
> EAP-TLS to EAP-TTLS?
> Based on the documents eap.conf:
> 
>    default_eap_type = ttls in eap section
>    comment tls and uncomment ttls?

  The howto's say that you need TLS to do TTLS.

  After that, setting "default_eap_type = ttls" helps, but it's not
strictly necessary.

> The purpose of using ttls is to eliminate the need for client 
> certificates.  I have read in several articles (which considered this to 
> be the main advantage over eap-tls), but all the howtos i've seen - 
> including secure2w ttls client assume the existence of client certificates.

  TTLS can use client certificates, but it doesn't require them.

  Alan DeKok.



More information about the Freeradius-Users mailing list