EAP-TTLS-PAP Doesn't send Clear-Password to proxy-innter-tunnel
Mehran Meidani
m.meidani at me.com
Thu Aug 4 16:14:36 CEST 2016
Okay; I got it.
Isn't there any way to force client to send PAP inside of the tunnel?
Something like:
If (auth_type != PAP)
Return notsupported
Sent from my iPhone
Sent from my iPhone
>> On Aug 4, 2016, at 2:53 AM, Alan DeKok <aland at deployingradius.com> wrote:
>>
>>> On Aug 3, 2016, at 7:38 PM, Mehran Meidani <m.meidani at me.com> wrote:
>>>
>>> You don't configure FreeRADIUS to use PAP. You configure the EAP supplicant (Windows PC, iPhone, etc.) to do TTLS + PAP.
>>> As always, reading it helps.
>>> See? No User-Password inside of the tunnel.
>> So you mean I should enable pap in proxy-inside-tunnel authorization section before proxy-to-realm?
>
> What I said was that no amount of poking FreeRADIUS will make this work.
>
> So no, THERE IS NO CHANGE YOU CAN MAKE TO FREERADIUS WHICH WILL SOLVE THE PROBLEM.
>
> IT IS NOT A PROBLEM WITH FREERADIUS.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list