PEAP/EAP-TLS with client and server certificate

Marcelo Augusto Rodrigues Pimentel marcelo.pimentel at
Mon Apr 23 22:10:44 CEST 2007



            I´m trying to configure freeradius with PEAP + EAP-TLS, but I´m making some confusion to configure the radiusd.conf  (sections authorize and authentication) and eap.conf.

            Have someone implemented this configuration?

            In the eap.conf file the default eap type is TLS or PEAP?

            What I´ve to configure in the authorize and authentication sections?

            I´ve attached my conf files below.


            Best Regards ...


FreeRADIUS Version 1.0.1




eap {

default_eap_type = tls

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no


# Supported EAP-types


tls {

private_key_password = xxxxxxxxxxx

private_key_file = ${raddbdir}/certs/freeradius_key.pem

certificate_file = ${raddbdir}/certs/freeradius_cert.pem

CA_file = ${raddbdir}/certs/demoCA/cacert.pem

dh_file = ${raddbdir}/certs/dh

random_file = ${raddbdir}/certs/random

fragment_size = 1024


include_length = yes



peap {

default_eap_type = tls



#tls {

#private_key_password = xxxxxxxxxx

#private_key_file = ${raddbdir}/certs/freeradius_key.pem

#certificate_file = ${raddbdir}/certs/freeradius_cert.pem

#CA_file = ${raddbdir}/certs/demoCA/cacert.pem

#dh_file = ${raddbdir}/certs/dh

#random_file = ${raddbdir}/certs/random

#fragment_size = 1024

#include_length = yes



#mschapv2 {





radiusd.conf (only authorize and authentication sections)





# Instantiation


instantiate {



authorize {







# Authentication.

authenticate {

Auth-Type MS-CHAP {








"Mensagem protegida por sigilo profissional. Sua utilização indevida sujeita o infrator às penas da lei. Não sendo seu destinatário, por favor, elimine-a e informe o equívoco ao emitente."

"This e-mail message and any attachment are intended exclusively for the named addressee. They may contain confidential information which may also be protected by professional secrecy. Unless you are the named addressee (or authorised to receive for the addressee) you may not copy or use this message or any attachment or disclose the contents to anyone else. If this e-mail was sent to you by mistake please notify the sender immediately and delete this e-mail."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list