EAP-TTL Proxy LDAP
A.L.M.Buxey at lboro.ac.uk
Wed Mar 5 21:27:31 CET 2008
Hi,
> PC 1: Supplicant. Access by NetworkManager.
> The credentials are: login= david at i2t passwd=david EAP=TTLS phase2=PAP
> PC 2: HostAP. It's correctly configured and works fine.
> PC 3: Proxy Freeradius. It has got a realm i2t defined, and proxies the
> access requests to PC4.
> PC 4: Final Freeradius. It contains the credentials for the users of the
> i2t realm stored on an LDAP directory.
>
> The interconnection between the PCs is this one:
>
> PC1 <-----> PC2 <-----> PC3 <-----> PC4
thank you for your clear documentation.
as for your answers. the EAP is terminated on PC4 - thus the certificates
need to be on PC4. PC3 is only a proxy server for the outer realm ID "i2t"
> The connections between PC1&PC2 and PC2&PC3 are encrypted. But, what
> about PC3&PC4? Is it also a secure communication?
PC3 to PC4 will be protected via the RADIUS shared secret
> Once the tunnel has been created, what type of authentication method
> shall I use?
any that you can support.
> Can I afford to use PAP with an LDAP directory at the backend PC?
> CHAP? GTC?
PAP is easy - but you could use eg MD5 or MSCHAPv2 - so long as
the LDAP contains the correct password format available for FR to
read (eg MD5 password or NT-hashed password for challenge-response)
alan
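
The dependency between the inner method and the LDAP password format discussed above, as an added example that is not part of the original post or of FreeRADIUS: PAP hands the server the cleartext inside the TTLS tunnel, so it can be checked against a one-way hash, while CHAP (RFC 1994) needs the secret itself. The function names are hypothetical, the stored values are constructed, and the `{MD5}` / `{SSHA}` encodings follow the usual OpenLDAP `userPassword` schemes.

```python
import base64
import hashlib
import hmac

def ldap_md5(password: bytes) -> str:
    # {MD5} scheme: base64 of the raw MD5 digest
    return "{MD5}" + base64.b64encode(hashlib.md5(password).digest()).decode()

def ldap_ssha(password: bytes, salt: bytes) -> str:
    # {SSHA} scheme: base64 of SHA-1(password + salt) followed by the salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def pap_verify(submitted: bytes, stored: str) -> bool:
    """PAP: the server holds the cleartext, so it re-hashes it in the
    stored scheme and compares. Works for hashed and cleartext entries."""
    if stored.startswith("{MD5}"):
        candidate = ldap_md5(submitted).encode()
    elif stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        candidate = ldap_ssha(submitted, raw[20:]).encode()  # salt follows 20-byte digest
    else:
        candidate = submitted  # entry is treated as cleartext
    return hmac.compare_digest(candidate, stored.encode())

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: MD5 over identifier || secret || challenge
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident: int, challenge: bytes, response: bytes, stored: str):
    """CHAP: the server must recompute the response from the secret itself.
    Returns None when the stored entry is a one-way hash and cannot be used."""
    if stored.startswith("{"):
        return None
    expected = chap_response(ident, stored.encode(), challenge)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    pw = b"david"                      # password from the setup described above
    challenge = bytes(range(16))       # constructed challenge
    resp = chap_response(1, pw, challenge)
    for stored in (ldap_md5(pw), ldap_ssha(pw, b"saltsalt"), "david"):
        print(stored.split("}")[0] + "}" if stored.startswith("{") else "cleartext",
              "PAP:", pap_verify(pw, stored),
              "CHAP:", chap_verify(1, challenge, resp, stored))
```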