Testing EAP-PEAP with freeradius

Phil Mayers p.mayers at imperial.ac.uk
Thu Jan 11 12:46:13 CET 2007


Bin Chen wrote:
> Hi,
> 
> I want to deploy the EAP-PEAP in our WLAN hotspot, we are using EAP-TLS 
> before and it works fine with our AP. But a PKI is very inconvenient so 
> we want to migrate to EAP-PEAP.
> 
> Any changes need to be done to radiusd.conf? The client will provide the 
> user-name and password, the file 'users' will used to match the 
> user-name and password? And is it enough? I mean, in EAP-TLS it also 
> need user-name and password, just left the same as EAP-TLS?

You need to edit eap.conf and set the default eap type to "peap", enable 
"mschapv2" in the "peap" section, and correctly configure the "mschap" 
module in the main radiusd.conf

This is well documented.

> 
> And, I also want to know when the AP or Windows client encounter 
> obstacle to cooperate with this change, which client should I use to 
> verify in freeradius side the configuration is work but not the windows 
> client's problem? Can radclient be used and how can I do?

See "eapol_test" in the "wpa_supplicant" distribution.



More information about the Freeradius-Users mailing list