PEAP LDAP confusion

David Mitton david at
Sun Aug 20 04:49:43 CEST 2006

On 8/18/2006 03:42 PM, Michael Lecuyer wrote:
>Rob Shepherd wrote:
> > The setup uses PEAP, however am I correct in thinking that the RADIUS
> > server never touches any TLS components. The TLS tunnel is between the
> > WLAN controller and the client right?
>PEAP - Protected EAP - the protection is the TLS tunnel which is 
>between the RADIUS client and RADIUS server.

ummm... No.
The PEAP tunnel is from the EAP Peer (client or wifi supplicant) to 
the EAP Server (which is typically connected to or part of the RADIUS server).

The Access Point is the RADIUS client.  No RADIUS goes over the radio.
But the PEAP protects the EAP authentication in the air.

That said, most RADIUS server implementations call a TLS module or 
service to deal with it, as it is not really part of RADIUS 
proper. EAP, like other forms of authentication, isn't always 
resolved by the RADIUS server; it just gets the answer and communicates it.
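
Added example, not part of the original message: a Python sketch of how the EAP packet travels inside RADIUS EAP-Message attributes between the access point and the server, with the PEAP TLS bytes passing through the access point unparsed. The sample packet, the `anon` outer identity and all function names are constructed for illustration.

```python
import struct

EAP_MESSAGE = 79   # RADIUS attribute type that carries EAP (RFC 3579)
EAP_PEAP = 25      # EAP method type for PEAP
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def build_access_request(eap, ident=1):
    """Constructed sample of what the AP (RADIUS client) forwards."""
    attrs = bytes([1, 6]) + b"anon"            # User-Name, constructed outer identity
    for i in range(0, len(eap), 253):          # max 253 value bytes per attribute
        chunk = eap[i:i + 253]
        attrs += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    # Authenticator is zeroed and Message-Authenticator omitted: parsing demo only
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + bytes(16) + attrs

def extract_eap(radius):
    """Concatenate all EAP-Message attributes, as the server side does."""
    if len(radius) < 20:
        raise ValueError("short RADIUS packet")
    length = struct.unpack("!H", radius[2:4])[0]
    if length != len(radius):
        raise ValueError("RADIUS length mismatch")
    eap, pos = b"", 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = radius[pos], radius[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == EAP_MESSAGE:
            eap += radius[pos + 2:pos + alen]
        pos += alen
    return eap

def describe_eap(eap):
    """Decode the EAP header; the TLS bytes stay opaque to the relay."""
    code, ident, length = struct.unpack("!BBH", eap[:4])
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 6:
        info["type"], flags = eap[4], eap[5]
        if info["type"] == EAP_PEAP:
            off = 10 if flags & 0x80 else 6    # L flag: 4-byte TLS length follows
            info["tls_bytes"] = length - off
            info["tls_record_type"] = eap[off] if length > off else None
    return info

# Constructed PEAP response: flags 0x80 (L), then a TLS handshake record (type 22)
TLS = b"\x16\x03\x01" + struct.pack("!H", 300) + bytes(300)
SAMPLE_EAP = struct.pack("!BBHBBI", 2, 7, 10 + len(TLS), EAP_PEAP, 0x80, len(TLS)) + TLS
```

Calling `describe_eap(extract_eap(build_access_request(SAMPLE_EAP)))` shows the 315-byte EAP packet split across two EAP-Message attributes and reassembled intact, with the TLS record still addressed to the EAP server.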

