EAP-TTLS configuration with PAP inner
Colin Byelong
c.byelong at ucl.ac.uk
Tue Feb 23 11:32:22 CET 2010
Hi
Thanks for the quick reply.
> Hi,
>
>
>> We tend to use an anonymous at realm identity for the EAP outer ID, in our
>> current radius server this is defined in a users file and has the format
>> of anonymous Encrypted-Password=nevermatch is there a similar thing in
>> freeradius and where should this be defined ?
>>
> IIRC, this is just so that the user 'anonymous' is never treated as a real
> user so no real challenges regarding this ID are sent to the LDAP or SQL backend?
>
> We've never had to define an 'anonymous' username anywhere in FreeRADIUS
> config for this to not be a problem....basically, if you have anonymous at realm
> then FreeRADIUS suffix/realm/prefix code will note the realm part and proxy
> it through..and if it's EAP it'll be proxied to the inner-tunnel (from then
> on the InnerID is what matters!)
>
>
Thanks I will try and configure this.
>> In the eap.conf file under the ttls section it asks for "
>> default_eap_type = tls" if I am using a pap password for the inner that
>> comes from a ldap server should I comment this section out ? Or will the
>> server ignore it ?
>>
> that's the default EAP type and hence the one that is initially challenged... if
> you want to optimize things then set it to your most commonly used method....we have
> it as 'peap' here but you'll be EAP-TTLS/PAP'ing? so that'd be 'ttls'
>
>
I thought it should be ttls but I found this to be a little confusing
"The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
# TTLS tunnel, we recommend using EAP-MD5.
# If the request does not contain an EAP
# conversation, then this configuration entry
# is ignored.
as I have eap {
default_eap_type = ttls
Thanks
Colin
> alan
--
-----------------------------------------------------------------------
Colin Byelong Email: C.Byelong at ucl.ac.uk
Senior Network Development Officer
Network Group
Information Systems Division
University College London
Gower Street Phone: 020 7679-2572
London WC1E 6BT
------------------------------------------------------------------------
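
An added example, not part of the original thread or of FreeRADIUS: a small parser that tells apart the two default_eap_type entries discussed above by their nesting (outer eap { } versus the ttls { } subsection) and reports which one applies when the inner method is PAP. The embedded configuration is a constructed fragment, and the function names are hypothetical.

```python
import re

# Constructed eap.conf fragment (not the poster's file). The same key name
# appears at two nesting levels, which is the source of the confusion.
SAMPLE_EAP_CONF = """
eap {
    # outer method that is challenged first
    default_eap_type = ttls
    ttls {
        # only consulted when the tunnel carries an EAP conversation
        default_eap_type = md5
    }
}
"""

def find_settings(text, key="default_eap_type"):
    """Return {section path: value} for every occurrence of key."""
    found, path = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = re.fullmatch(r"([\w.-]+)\s*\{", line)
        if m:                                  # "name {" opens a section
            path.append(m.group(1))
        elif line == "}":                      # "}" closes the current one
            if not path:
                raise ValueError("unbalanced closing brace")
            path.pop()
        else:
            m = re.fullmatch(r"([\w.-]+)\s*=\s*(\S+)", line)
            if m and m.group(1) == key:
                found["/".join(path)] = m.group(2).strip('"')
    if path:
        raise ValueError("unclosed section: " + "/".join(path))
    return found

def effective_methods(text, inner_is_eap):
    """Outer default plus the tunneled default; the latter is None when the
    inner request is not EAP (e.g. PAP), because that entry is then ignored."""
    s = find_settings(text)
    return s.get("eap"), (s.get("eap/ttls") if inner_is_eap else None)

if __name__ == "__main__":
    print(find_settings(SAMPLE_EAP_CONF))
    print("TTLS/PAP:", effective_methods(SAMPLE_EAP_CONF, inner_is_eap=False))
    print("TTLS/EAP:", effective_methods(SAMPLE_EAP_CONF, inner_is_eap=True))
```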