PEAP LDAP confusion
David Mitton
david at mitton.com
Sun Aug 20 04:49:43 CEST 2006
On 8/18/2006 03:42 PM, Michael Lecuyer wrote:
>Rob Shepherd wrote:
> > The setup uses PEAP, however am I correct in thinking that the RADIUS
> > server never touches any TLS components. The TLS tunnel is between the
> > WLAN controller and the client right?
>
>PEAP - Protected EAP - the protection is the TLS tunnel which is
>between the RADIUS client and RADIUS server.
ummm... No.
The PEAP tunnel is from the EAP Peer (client or wifi supplicant) to
the EAP Server (which is typically connected to or part of the RADIUS server).
The Access Point is the RADIUS client. No RADIUS goes over the radio.
But the PEAP protects the EAP authentication in the air.
That said, most RADIUS server implementations call a TLS module or
service to deal with it, as it not really part of RADIUS
proper. EAP like other forms of authentication isn't always
resolved by the RADIUS server, it just gets the answer and communicates it.
Dave.
More information about the Freeradius-Users
mailing list