Wifi-Enabled Phones + FreeRadius
Fajar A. Nugraha
fajar at fajar.net
Thu Aug 26 10:49:42 CEST 2010
On Thu, Aug 26, 2010 at 3:24 PM, rrperez <rrperez at apc.edu.ph> wrote:
>>For example, iphone (from Apple's docs) supports EAP-TLS, EAP-TTLS,
>>EAP-FAST, EAP-SIM, PEAPv0, PEAPv1, and LEAP. I've tried it with
>>PEAP-GTC, and it works, so you might want to try EAP-TTLS/PAP and see
>>how it goes. If it doesn't, they try other methods.
>
> I tested also an iPhone 2G to my server, but it still uses MS-CHAPv2 even
> though I configured my server to do TTLS-PAP.
That's odd. Did you already disable EAP/MS-CHAP on eap.conf (since you
can't use it anyway with your setup)?
In my eap.conf, I have (most important parts only)
eap {
default_eap_type = peap
gtc {
auth_type = LDAP # back then it was needed to
specify this, not sure about now
}
peap {
default_eap_type = gtc
}
}
other lines not shown there (like TLS part) should be left as it is,
but I specifically comment out all mschapv2 and TTLS entries. In your
case you might want to start by simply comment-out mschapv2 entry on
eap.conf.
Using this setup I simply have to select the wifi network name on
iphone, enter username & password, and accept the certificate warning.
You could also contact Apple support and ask if they support TTLS-PAP.
--
Fajar
More information about the Freeradius-Users
mailing list