EAP-TLS and EAP-TTLS/MSCHAPv2 in parallel...possible ?

Ben ben+freeradius at list-subs.com
Fri Feb 28 10:11:43 CET 2014


I've got a solution currently in place that works beautifully 
authenticating users with certificates using EAP-TLS.

Unfortunately, I need to start catering for users who have, shall we
say, "limited" endpoints that only support TTLS/MSCHAPv2 type
authentication (things like Amazon Kindle "Paperwhotsits" for example,
have a limited implementation that you can't seem to stick certificates
on without jailbreaking... and that ain't gonna happen).

So, I'm a bit lost for ideas ?   I'm not a freeradius guru either... and 
the config files I've had a quick peek at seem to suggest bad things 
will happen .... e.g. the following comment ....

         # Note that this means "check plain-text password against
         # the ldap database", which means that EAP won't work,
         # as it does not supply a plain-text password.

Ideas most welcome !



