Test Environment: Can PEAPv0 and PEAPv1 be setup together on the default instance?
Alan DeKok
aland at deployingradius.com
Sat Mar 3 09:38:32 CET 2012
whopeman wrote:
> I am fairly new to FreeRADIUS, so please bear with me a bit. I have
> searched the forums and websites to find an implementation that allows me to
> configure my server to process BOTH PEAP MSCHAP and PEAP/EAP-GTC (v0 and
> v1). I have not found anyone trying to do this, but I am not working on a
> production system; this is for test purposes.
Don't use PEAPv1. It's even less documented than PEAPv0. It's used
by pretty much no one.
> My GOAL:
> I am working to set up a test environment that allows us to test our products
> using EAP-TLS, EAP-TTLS, LEAP, PEAP/MSChap, and PEAP/EAP-GTC.
Don't use LEAP. It's insecure. Don't put it into new products, and
don't allow people to configure it.
> CURRENT:
> What I have so far is a working system that processes everything except
> PEAP/EAP-GTC. All authentication is performed through a local LDAP solution
> (set up with CLEAR-TEXT; again, testing, not production).
FreeRADIUS does this in the default install, and contains EAP tests
(src/tests) for all major EAP types.
> I have run wireshark and grabbed the packet traces as well, when my client
> connects it requests PEAP as the preferred auth type but FR seems to be
> pushing v0 as the request type and does not seem to be allowing for v1. My
> client does not handle this gracefully.
Then the client is broken, and should be fixed.
> My QUESTION:
> Is there an easy way to configure FR to allow for both types of requests?
Not really. By the time that the client has sent a PEAPv1 request,
the EAP session has started. You can't switch EAP sessions from the
"eap" module to the "eap2" module.
> I
> have been looking at the virtual server options without much luck in
> understanding how to configure a secondary virtual server to provide a GTC
> interface. If that is a recommendation, any guidance on setting up a
> straight EAP-GTC via LDAP virtual server would be appreciated.
Read eap.conf. Look for "gtc". This is documented. It works in the
default install.
Alan DeKok.