EAP-TLS OK - EAP-PEAP KO!! why that?
Alan DeKok
aland at deployingradius.com
Sat Jul 19 19:12:05 CEST 2008
Reveal MAP wrote:
> does someone find normal that EAP-TLS authentication works and not EAP-PEAP?
It depends on how you configure the system.
> I called a SSID "TLS" where security is "WPA Enterprise". it expet users
> to be authenticated via FREERADIUS to be allowed on the network.
> so i use a certificate, and the commonname of this certificate is
> "testuser01". authentication success cause certificate is valid, but i
> have no user called "testuser01" on user file, sql database, or AD.
That's how EAP-TLS works.
> so my first question is: doing EAP-TLS authentication, user is
> based_what? i mean, does user have to exist on a base like sql, ldap or
> a file, or just the certificate credentials are enough?
The certificate credentials are enough.
> second: using RADIUS for authetication in a LAN means that 802.1x is
> used. That's what i read. Right now, i notice that 802.1x is off on all
> my NAS... i forgot to set it "ON".
> so why does EAP-TLS Authentication runs OK... why that? (and EAP-PEAP
> still not ??)
You have give no information about why PEAP doesn't work. See the FAQ
for "it doesn't work".
Alan DeKok.
More information about the Freeradius-Users
mailing list