Freeradius, EAP-TTLS and eDirectory
"Jóhann B. Guðmundsson"
johannbg at hi.is
Tue Nov 28 15:22:00 CET 2006
Mariano Morano wrote:
> Hi all,
> We are working on an RFP and one of the customer's requirements is that we must support EAP-TTLS with Freeradius integrated with eDirectory as back-end.
>
> We were reading the Novell documentation and at the Novell page, there appears "How to integrate Novell® eDirectory™ 8.7.1 or later with FreeRADIUS 1.0.2 onwards to allow wireless authentication for eDirectory users." and it does not mention EAP-TTLS (only EAP-TLS)
>
>
> So, some questions:
>
> 1) First, can we use Freeradius with EAP-TTLS and eDirectory as back end?
> 2) If we can, what version of Freeradius should we use?
> 3) Can someone send us information about how to do that?
>
> I would appreciate any help ASAP
>
> Thanks in advance.
Follow Novell's latest document about integrating Novell® eDirectory™ with FreeRADIUS.
Then just make sure that these lines are present and uncommented in radius.conf:
# radius.conf (on a fresh install these lines are present and uncommented in radius.conf)
$INCLUDE ${confdir}/eap.conf
authorize {
    eap
}
authenticate {
    eap
}
post-proxy {
    eap
}
Then change eap.conf to look something like this:
eap {
    default_eap_type = tls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        #challenge = "Password: "
        auth_type = PAP
    }
    tls {
        private_key_password = example-password
        private_key_file = ${raddbdir}/certs/cert-srv.pem
        certificate_file = ${raddbdir}/certs/cert-srv.pem
        CA_file = ${raddbdir}/certs/root.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
        fragment_size = 1024
        include_length = yes
    }
    ttls {
        # default_eap_type = md5 # you may have to uncomment either one of these, depending on your configuration...
        # default_eap_type = pap #
        copy_request_to_tunnel = no
        use_tunneled_reply = no
    }
    # peap {
    #     default_eap_type = mschapv2
    #     copy_request_to_tunnel = no
    #     use_tunneled_reply = no
    #     proxy_tunneled_request_as_eap = yes
    # }
    mschapv2 {
    }
}
Create the certificates, configure proxy.conf, client.conf and user.conf to suit your needs,
and you're ready to go.
Best Regards
Johann B.
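
Added example, not part of the original message or of the FreeRADIUS or Novell documentation: a Python check that the lines the reply lists are really active, ignoring anything commented out. It reports a missing `eap` entry in the three radius.conf sections and a missing `tls` or `ttls` block in eap.conf; the function names and the sample text are constructed for illustration.

```python
import re

def parse_blocks(text):
    """Parse 'name { ... }' config text into nested dicts; bare lines go in '_items'."""
    root = {"_items": []}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out lines do not count
        m = re.match(r"([\w.-]+)\s*\{\s*(\})?$", line)
        if m:
            child = {"_items": []}
            stack[-1][m.group(1)] = child
            if not m.group(2):
                stack.append(child)
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif line:
            stack[-1]["_items"].append(line)
    return root

def check(radius_conf, eap_conf):
    """Return a list of problems; an empty list means the listed lines are active."""
    problems = []
    main = parse_blocks(radius_conf)
    if not any(re.match(r"\$INCLUDE\s+\S*eap\.conf$", i) for i in main["_items"]):
        problems.append("radius.conf: eap.conf is not included")
    for section in ("authorize", "authenticate", "post-proxy"):
        if "eap" not in main.get(section, {}).get("_items", []):
            problems.append(f"radius.conf: 'eap' missing from {section}")
    eap = parse_blocks(eap_conf).get("eap", {})
    for method in ("tls", "ttls"):  # EAP-TTLS runs inside the tunnel set up by tls {}
        if method not in eap:
            problems.append(f"eap.conf: no active {method} section")
    return problems

# Constructed sample input: 'eap' commented out in authenticate, ttls left commented.
SAMPLE_RADIUS = """$INCLUDE ${confdir}/eap.conf
authorize {
    eap
}
authenticate {
#   eap
}
post-proxy {
    eap
}"""
SAMPLE_EAP = "eap {\n  default_eap_type = tls\n  tls {\n  }\n#  ttls {\n#  }\n}"
if __name__ == "__main__":
    print("\n".join(check(SAMPLE_RADIUS, SAMPLE_EAP)))
```

The parser treats every `#` as the start of a comment, so a value that contains a literal `#` is truncated; that does not affect the checks above.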