Authentication problems depending on connection type
Alex Gregory
alex at c2company.com
Fri Oct 24 19:26:18 CEST 2014
Thank you, Alan. I am learning the protocols. A little more each day.
I was under the impression that, with EAP, it encapsulates the password in the EAP transmission. If I can only do EAP, then that means it can never send it in the clear. Which means, if I want to send the radius server the password in the clear (since its OTP) what I am doing can’t be done. Is this correct?
Thanks,
Alex
> On Oct 23, 2014, at 6:56 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
> Alex Gregory wrote:
>> ... In order to do that I have to send the passwords in the clear so I am using PAP-TTLS in the configuration utility to create the profile.
>
> So you want to use EAP.
>
>> ... It looks like it does EAP which I do not want it to do.
>
> And now you don't want to use EAP.
>
> Which is it?
>
>> My question is am I using the same radius config sections when I connect via the OS dialog?
>
> Yes.
>
>> What could cause the change on how things are forwarded from the FreeRadius server?
>
> The end system sends different information to the NAS. The NAS sends
> different information to the RADIUS server.
>
> I think you're confused about how things work, and what you want the
> server to do. You probably need to start over.
>
> In short, authenticated WiFi uses EAP. You can't change this.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list