EAP + TLS + Unix passwords

tnt at kalik.net tnt at kalik.net
Thu Nov 19 20:48:58 CET 2009


>> 1.1.3 is not latest available for CentOS:
>>
>> http://wiki.freeradius.org/Red_Hat_FAQ
>>
> Understood. I meant it was the latest version the package manager
> would grab for me.
>
>> You are using EAP-TTLS/MS-CHAP with system (crypted) passwords. It's
>> impossible:
>>
>> http://deployingradius.com/documents/protocols/compatibility.html
>>
>> You can use EAP-TTLS/PAP with them.
> Thanks. That's exactly the missing piece I needed. I can see how
> to change the inside protocol on TTLS to PAP, at least on OS X.

To do the same with Windows you will need something like SecureW2 or
wpa_supplicant.

> In the meantime, I managed to make a new mess. I accidentally ran
> radiusd without the -X option and couldn't figure out how to
> "properly" stop it so I just killed the process. Now when I run
> radiusd -X, it claims to be listening on 1812 and 1813, but nmap says
> it isn't and I can't get a telnet connection off either port. My
> firewall config hasn't changed, but just for good measure I turned
> iptables off completely and still get the same results... Anyone seen
> this particular mistake before?

Oh yes. I have left the debug running and closed the console window plenty
of times. killall radiusd should do it.

Ivan Kalik
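
Added example, not part of the original post: a simplified model of why a challenge-response inner method cannot be checked against crypted system passwords while PAP inside the TTLS tunnel can. PBKDF2, SHA-256 and HMAC are stand-ins chosen here as assumptions (real crypt(3) entries and MS-CHAP use other primitives, MS-CHAP being built on MD4 and DES), and all function names and sample values are constructed.

```python
import hashlib
import hmac
import os

# Stand-ins (assumptions): PBKDF2 models a salted one-way crypt(3) entry;
# SHA-256/HMAC model the NT hash and the MS-CHAP response (really MD4 and DES).

def crypt_entry(password: str, salt: bytes) -> bytes:
    """What the system password file keeps: a salted one-way digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def nt_key(password: str) -> bytes:
    """Unsalted hash of the UTF-16LE password: the secret the response is keyed with."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def chap_response(key: bytes, challenge: bytes) -> bytes:
    """Challenge-response: the password itself never crosses the tunnel."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def pap_check(cleartext: str, salt: bytes, stored: bytes) -> bool:
    """PAP hands the server the cleartext, so it can re-hash and compare."""
    return hmac.compare_digest(crypt_entry(cleartext, salt), stored)

def mschap_check(response: bytes, challenge: bytes, server_key: bytes) -> bool:
    """The server must recompute the response, so it needs the client's key."""
    return hmac.compare_digest(chap_response(server_key, challenge), response)

def demo() -> dict:
    password = "correct horse"            # constructed sample credential
    salt, challenge = os.urandom(8), os.urandom(16)
    stored = crypt_entry(password, salt)  # all a crypt-only server knows
    response = chap_response(nt_key(password), challenge)  # sent by the client
    return {
        "pap_good": pap_check(password, salt, stored),
        "pap_bad": pap_check("wrong guess", salt, stored),
        # The crypt digest is the only key material available, and it is not the NT key.
        "mschap_with_crypt_entry": mschap_check(response, challenge, stored),
        # Succeeds only when the server stores the NT key (or the cleartext).
        "mschap_with_nt_key": mschap_check(response, challenge, nt_key(password)),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```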



