Definite Auth-Type via SQL-DB

dump at gmx.info dump at gmx.info
Tue May 3 16:40:27 CEST 2016


Many thanks for your answer.

> if you dont want your server to do PEAP , then remove it from the EAP
config....

I did, but now I'm receiving errors when running the server with the -X
option: Certificate Compatibility.

> however, how are you dealing with clients - as most still dont do
> EAP-TTLS/PAP (and if doing EAP-TTLS/PAP you cannot ensure that the
> client is correctly, securely configured - which for a PAP mathod is
> pretty much essential).

What do you mean with "dealing with clients"? Is there any client config
error which may cause sending the password not inside the TLS-Tunnel?
And what do you mean with client: The NAS or the dial up client?

But also using a CHAP-Password would then not lead to an improved
security when sending it not via the encrypted tunnel, does it?

Many thanks and
best regards

Jens




More information about the Freeradius-Users mailing list