EAP + TLS + Unix passwords

Andy Theuninck gohanman at gmail.com
Thu Nov 19 20:36:33 CET 2009


> 1.1.3 is not the latest available for CentOS:
>
> http://wiki.freeradius.org/Red_Hat_FAQ
>
Understood. I meant it was the latest version the package manager
would grab for me.

> You are using EAP-TTLS/MS-CHAP with system (crypted) passwords. It's
> impossible:
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
> You can use EAP-TTLS/PAP with them.
Thanks. That's exactly the missing piece I needed. I can see how
to change the inside protocol on TTLS to PAP, at least on OS X.

> Don't post configuration files. We know what's in them from the debug.
Apologies. Wasn't sure on the etiquette there.

In the meantime, I managed to make a new mess. I accidentally ran
radiusd without the -X option and couldn't figure out how to
"properly" stop it so I just killed the process. Now when I run
radiusd -X, it claims to be listening on 1812 and 1813, but nmap says
it isn't and I can't get a telnet connection off either port. My
firewall config hasn't changed, but just for good measure I turned
iptables off completely and still get the same results... Anyone seen
this particular mistake before?
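
Why the incompatibility quoted above holds, as an added example that is not part of the original post and is not FreeRADIUS code: a server holding only a one-way password hash can check a PAP password but cannot recompute a challenge-response value. Assumptions: PBKDF2-SHA256 stands in for crypt(3), RFC 1994 CHAP-MD5 stands in for MS-CHAP (which needs the cleartext or NT hash in the same way), and all names and the sample password are hypothetical.

```python
import hashlib
import hmac
import os


def crypt_like(password: bytes, salt: bytes) -> bytes:
    # Stand-in for crypt(3): salted, iterated, one-way (PBKDF2-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP: MD5(identifier || secret || challenge).
    data = bytes([ident]) + secret + challenge
    return hashlib.md5(data, usedforsecurity=False).digest()


class CryptOnlyServer:
    """Holds only the one-way hash, like an /etc/shadow entry."""

    def __init__(self, password: bytes):
        self.salt = os.urandom(16)
        self.stored = crypt_like(password, self.salt)

    def verify_pap(self, submitted: bytes) -> bool:
        # PAP delivers the password itself (inside the TTLS tunnel), so the
        # server can hash it with the stored salt and compare.
        return hmac.compare_digest(crypt_like(submitted, self.salt), self.stored)

    def verify_chap(self, ident: int, challenge: bytes, response: bytes) -> bool:
        # The client keyed its response with the cleartext password. The
        # server has only the hash, so the value it computes cannot match.
        expected = chap_response(ident, self.stored, challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-sample-password"  # constructed sample value
    server = CryptOnlyServer(password)
    challenge = os.urandom(16)
    client_resp = chap_response(1, password, challenge)  # honest client
    return {
        "pap_correct": server.verify_pap(password),
        "pap_wrong": server.verify_pap(b"not-the-password"),
        "chap_correct": server.verify_chap(1, challenge, client_resp),
    }


if __name__ == "__main__":
    print(demo())
```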


