can peap and ttls live together?

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Tue Apr 29 14:51:48 CEST 2008


Sergio Belkin wrote:
> Hi,
>
> I had been using EAP-TTLS, but as I've commented in an earlier post, I
> have no luck with securew2 and Vista. So I am planning to use a
> "secondary password" for radius in clear-text. But I'd want to know if
> TTLS and PEAP can live together, my current eap.conf is as follows:
>
> eap {
>                 default_eap_type = ttls
>                 timer_expire     = 60
>                 ignore_unknown_eap_types = no
>                 cisco_accounting_username_bug = no
>                 md5 {
>                 }
>                 leap {
>                 }
>                 gtc {
>                         auth_type = PAP
>                 }
>                 tls {
>                         private_key_file = /etc/pki/tls/certs/ips-spectrum-key.pem
>                         certificate_file = /etc/pki/tls/certs/ips-spectrum-crt.pem
>                         CA_file = /etc/pki/tls/certs/ips-ca-bundle.crt
>                         dh_file = ${raddbdir}/certs/dh
>                         random_file = ${raddbdir}/certs/random
>                         cipher_list = "DEFAULT"
>                 }
>                 ttls {
>                         default_eap_type = md5
>                         copy_request_to_tunnel = no
>                         use_tunneled_reply = yes
>                 }
>                 peap {
>                         default_eap_type = mschapv2
>                         copy_request_to_tunnel = no
>                         use_tunneled_reply = no
>                 }
>                 mschapv2 {
>                 }
>         }
>
>
>   
Yes. If the supplicant doesn't support TTLS it'll NAK the offer of 
EAP-TTLS and request PEAP. Default EAP type specifies the EAP type the 
server initially attempts to negotiate with the supplicant.

-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
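
The Nak exchange described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified model of the RFC 3748 packet layout and type selection. The function names and the `ENABLED` set (read off the sub-sections of the quoted `eap` block) are assumptions of this sketch.

```python
import struct

# EAP type numbers from RFC 3748 and the IANA EAP registry
EAP_NAK, EAP_MD5, EAP_GTC, EAP_TLS, EAP_LEAP = 3, 4, 6, 13, 17
EAP_TTLS, EAP_PEAP, EAP_MSCHAPV2 = 21, 25, 26
REQUEST, RESPONSE = 1, 2

def build_eap(code, ident, eap_type, data=b""):
    """Code(1) | Identifier(1) | Length(2) | Type(1) | Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def parse_eap(pkt):
    if len(pkt) < 5:
        raise ValueError("short EAP packet")
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if length < 5 or length > len(pkt):
        raise ValueError("bad EAP length field")
    return code, ident, eap_type, pkt[5:length]

def supplicant_reply(request, supported):
    """Accept the offered method, or answer with a Nak listing alternatives."""
    _, ident, offered, _ = parse_eap(request)
    if offered in supported:
        return build_eap(RESPONSE, ident, offered)
    # A Nak carrying a single 0 byte means "no acceptable alternative".
    return build_eap(RESPONSE, ident, EAP_NAK, bytes(supported) or b"\x00")

def server_next_type(response, enabled):
    """Return the method the server continues with, or None to reject."""
    code, _, eap_type, data = parse_eap(response)
    if code != RESPONSE:
        raise ValueError("expected EAP-Response")
    if eap_type != EAP_NAK:
        return eap_type if eap_type in enabled else None
    for wanted in data:  # first Nak'd type the server has enabled wins
        if wanted != 0 and wanted in enabled:
            return wanted
    return None

def negotiate(default_type, enabled, supported, ident=1):
    offer = build_eap(REQUEST, ident, default_type)
    return server_next_type(supplicant_reply(offer, supported), enabled)

# Methods with a sub-section in the quoted eap {} block (assumed all enabled).
ENABLED = {EAP_MD5, EAP_LEAP, EAP_GTC, EAP_TLS, EAP_TTLS, EAP_PEAP, EAP_MSCHAPV2}

if __name__ == "__main__":
    print(negotiate(EAP_TTLS, ENABLED, [EAP_PEAP]))  # PEAP-only supplicant
    print(negotiate(EAP_TTLS, ENABLED, [EAP_TTLS]))  # TTLS-capable supplicant
```

In this model the supplicant's Nak, not `default_eap_type`, decides the final method, so the set of enabled sub-sections is what bounds the outcome.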



