EAP-TTLS with LDAP and KRB5?

Jonathan D. Proulx jon at csail.mit.edu
Wed Oct 15 19:40:53 CEST 2008


On Wed, Oct 15, 2008 at 07:47:48AM +0200, Alan DeKok wrote:

:  You will need to put something like this in the "users" file:
:
:DEFAULT	FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Kerberos
:
:
:> Before I start pulling my hair out, is this even possible?
:
:  Yes.  IF the inner tunnel session contains a cleartext password.  CHAP
:won't work, and neither will MS-CHAP.

Excellent, thanks also for your pointer to your page about eapol_test,
both for testing purposes and because the example had this critical
line that got my client config right:

        phase2="auth=PAP"

So now eapol_test and my Linux wpa_supplicant laptop can connect
either with LDAP/KRB5 users or users from the users file. That will
get me through opening day Monday, and I might even be able to have the
weekend off!

Many Thanks,
-Jon
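
As an added example (not part of the original messages), here is a wpa_supplicant / eapol_test network block for the setup discussed in this thread: EAP-TTLS with PAP inside the tunnel, so the server receives the cleartext password that Kerberos authentication needs. The SSID, identities, password and CA path are constructed placeholders; ca_cert is included because with PAP the server certificate check is what keeps the password from being handed to an unverified server.

```conf
# Added example with constructed values; adjust to your site.
network={
    # Placeholder SSID.
    ssid="example-ssid"
    key_mgmt=WPA-EAP
    eap=TTLS

    # Outer identity, sent before the TLS tunnel exists (visible on the air).
    anonymous_identity="anonymous"

    # Inner identity and password, sent only inside the TLS tunnel.
    identity="jdoe"
    password="placeholder-password"

    # Validate the RADIUS server certificate against your own CA.
    # Without this, the client will set up the tunnel with any server
    # and send it the PAP password.
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"

    # Inner method that carries a cleartext password to the server,
    # which is what the Kerberos (and LDAP bind) backend needs.
    phase2="auth=PAP"

    # These inner methods send only a challenge response, so the server
    # has no password to verify against Kerberos and authentication fails:
    # phase2="auth=CHAP"
    # phase2="auth=MSCHAPV2"
}
```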




