Freeradius 2 , TTLS/PAP, multiples questions
Alan DeKok
aland at deployingradius.com
Fri Apr 17 15:34:19 CEST 2009

Jérôme BERTHIER wrote:
> I'm trying to configure Freeradius 2 to implement EAP/TTLS-PAP
> authentication method on my Cisco AP1242. It works but I'd like some
> precisions to get configuration files as small as possible.

  Why? It's not like there are any CPU / memory / disk issues with
having the files 10K larger than their "optimal" size.

> What is the shortest way to configure it ?

  Have test cases for what you need. Delete modules until the test
cases fail. Then, ensure that only those modules are in the configuration.

> First, what's the right way to implement check for Simultaneous-Use ?
> For cisco nas type, Freeradius seems to use snmp check but where should
> I configure SNMP read community in order to make it possible ?

  In the checkrad script.

> Then, during EAP process, is it possible to check if inner identity
> equals outer identity and if not to reject request ?

  Yes. See "man unlang". You can check inner/outer attributes.

> Finally, I've got a problem with NetworkManager under Fedora 9 (not tested
> on other distribution). If Session resumption / fast reauthentication
> cache is not enabled, clients can't reassociate and ask for session
> resumption again. Is there a workaround ?

  What does that mean? "if session resumption isn't enabled, clients
ask for session resumption" ?

  Alan DeKok.
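
The inner/outer identity check mentioned in the reply above, written out as an added example that is not part of the original message or of the FreeRADIUS default configuration. It assumes FreeRADIUS 2.x unlang syntax and that the fragment is placed in the authorize section of the virtual server that handles the tunneled request (`inner-tunnel` in the default layout).

```unlang
# Added example, assuming the default "inner-tunnel" virtual server.
# Inside the TTLS tunnel, User-Name is the inner (real) identity.
# The "outer.request:" prefix reads from the outer EAP request's
# attribute list, i.e. the identity sent in the clear before the tunnel.
authorize {
    if ("%{outer.request:User-Name}" != "%{User-Name}") {
        # Identities differ: refuse the inner PAP authentication,
        # which fails the whole EAP-TTLS conversation.
        reject
    }

    # The modules that look up the user for PAP stay below this check.
}
```

The comparison is an exact, case-sensitive string match, so supplicants configured with an anonymous outer identity are rejected as well. Running the server in debug mode (`radiusd -X`) shows both expanded values when the condition is evaluated.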