freeradius support eap-fast?
Alan DeKok
aland at deployingradius.com
Tue Nov 27 13:18:21 CET 2007
Josh Howlett wrote:
> I saw this :-). I had a question: EAP-TNC is intended to be bound to any
> tunneled EAP method but the last time I looked at the code the
> FreeRADIUS EAP state machine did not appear to support binding
> consecutive EAP methods in sequence to an arbitrary tunneled EAP method.
I'm not sure what that means... Does EAP-TNC go inside of a tunneled
method, or does it tunnel other methods?
If it goes inside of a tunneled method, then there's no problem. PEAP
and TTLS already support tunneling EAP types. PEAP is just EAP-TLS with
EAP-MSCHAPv2 inside of the tunnel.
I have also successfully tested PEAP/EAP-GTC, and TTLS/EAP-MSCHAPv2.
> Does this EAP-TNC implementation therefore require the use of a specific
> tunneled EAP method, or have there been some improvements to the EAP
> state machine to support this flexibility?
If EAP-TNC can go only inside of TTLS/PEAP, then the code likely needs
to be updated to check for that, and enforce that requirement.
Alan DeKok.
More information about the Freeradius-Users
mailing list