PEAP and TTLS simultaneously?

Alan DeKok aland at
Tue Jun 10 17:07:25 CEST 2008

Tim Tyler wrote:
>   I am running Freeradius 1.1.3 on a Centos 5 system.

  I would suggest upgrading to 2.0.5.

>  My desire is to
> support PEAP mschapv2 clients against our ldap server's LM and NT
> passwords.  We also want to support some other clients with a TTLS - PAP
> against the posix passwords in our same ldap server.

  Why not just use the NT password?  It will work for TTLS + PAP, too.

>  I can get each
> configuration solution to work independently, but I can't get them to
> work when I try to combine them into one configuration.

  I don't see why.  Ensure that FreeRADIUS is pulling the NT password
from LDAP.  If PEAP works, then TTLS should work, too.

  Oh... you will likely want to upgrade.  The version you have is very,
very, old.

> 1. Is it possible to support both PEAP-mschapv2 and TTLS-PAP using the
> same ldap server with each user having both password hashes supported?

  Yes.  But it's a lot easier on the new versions of the server.

> 3. Would this be easier to accomplish if we were  using a 2.x version of
> Freeradius?  My only problem is that Centos and Redhat seem to take
> forever in supporting the most recent open source applications so I
> would have to find another RPM update source.

  You should be able to build an RPM yourself from the source.

  Alan DeKok.

More information about the Freeradius-Users mailing list