help seeing more debugging EAP-TTLS handshake

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Fri Sep 25 14:47:39 CEST 2015


>> openssl dhparam -in dh -text -noout
>> 
>>>                ttls {
>>>                        default_eap_type = md5
>> 
>> md5? really?  I'm sure you want that to be mschapv2 for your systems.
>> dont think OSX
>> will renegotiate.
>> 
> 
> I need PAP inside the EAP-TTLS, because I need to proxy the PAP request to
> a PAP-only RADIUS server. EAP-MD5 is actually disabled, but I found I still
> need a non-TLS default_eap_type inside the ttls block. As we are not

Try "gtc" as the default ttls type... that gives you generic token card, which when you look at the gtc { ... } stanza gives you PAP internally.

GTC should also be supported by Windows... ;-)

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150925/513e5b3f/attachment.sig>


More information about the Freeradius-Users mailing list