Wifi-Enabled Phones + FreeRadius

Fajar A. Nugraha fajar at fajar.net
Thu Aug 26 10:49:42 CEST 2010


On Thu, Aug 26, 2010 at 3:24 PM, rrperez <rrperez at apc.edu.ph> wrote:
>>For example, iphone (from Apple's docs) supports EAP-TLS, EAP-TTLS,
>>EAP-FAST, EAP-SIM, PEAPv0, PEAPv1, and LEAP.  I've tried it with
>>PEAP-GTC, and it works, so you might want to try EAP-TTLS/PAP and see
>>how it goes. If it doesn't, they try other methods.
>
> I tested also an iPhone 2G to my server, but it still uses MS-CHAPv2 even
> though I configured my server to do TTLS-PAP.

That's odd. Did you already disable EAP/MS-CHAP on eap.conf (since you
can't use it anyway with your setup)?
In my eap.conf, I have (most important parts only)

        eap {
                default_eap_type = peap
                gtc {
                        auth_type = LDAP # back then it was needed to
specify this, not sure about now
                }
                peap {
                        default_eap_type = gtc
                }
        }

other lines not shown there (like TLS part) should be left as it is,
but I specifically comment out all mschapv2 and TTLS entries. In your
case you might want to start by simply comment-out mschapv2 entry on
eap.conf.

Using this setup I simply have to select the wifi network name on
iphone, enter username & password, and accept the certificate warning.

You could also contact Apple support and ask if they support TTLS-PAP.

-- 
Fajar




More information about the Freeradius-Users mailing list