EAP-TTLS-PAP Doesn't send Clear-Password to proxy-innter-tunnel

Mehran Meidani m.meidani at me.com
Thu Aug 4 16:14:36 CEST 2016


Okay; I got it.
Isn't there any way to force client to send PAP inside of the tunnel?
Something like:
If (auth_type != PAP)
   Return notsupported

Sent from my iPhone



Sent from my iPhone
>> On Aug 4, 2016, at 2:53 AM, Alan DeKok <aland at deployingradius.com> wrote:
>> 
>>> On Aug 3, 2016, at 7:38 PM, Mehran Meidani <m.meidani at me.com> wrote:
>>> 
>>> You don't configure FreeRADIUS to use PAP.  You configure the EAP supplicant (Windows PC, iPhone, etc.) to do TTLS + PAP.
>>> As always, reading it helps.
>>> See?  No User-Password inside of the tunnel.
>> So you mean I should enable pap in proxy-inside-tunnel authorization section before proxy-to-realm?
> 
> What I said was that no amount of poking FreeRADIUS will make this work.
> 
> So no, THERE IS NO CHANGE YOU CAN MAKE TO FREERADIUS WHICH WILL SOLVE THE PROBLEM.
> 
> IT IS NOT A PROBLEM WITH FREERADIUS.
> 
> Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list