EAP-TTLS not working

Marlen Caemmerer caemmerer at ash-berlin.eu
Fri Oct 28 15:07:40 CEST 2016



Am 2016-10-28 13:06, schrieb Matthew Newton: 

> On Fri, Oct 28, 2016 at 12:58:38PM +0200, Marlen Caemmerer wrote: Am 2016-10-27 14:14, schrieb Alan DeKok: 
> Because MS-CHAPv2 doesn't supply a password.
> The simple answer is that you should give the password to FreeRADIUS, and let FreeRADIUS authenticate the user. You shouldn't write a Perl script to do the authentication. 
> What would you recommend to let FreeRadius authenticate the user? LDAP
> or users file or something else?

 That totally depends on where your usernames/passwords are
 actually stored.

 i.e. where is your perl script looking? 

Basically the perl script is querying a service that just returns if the
user/password is correct or not. 
It queries LDAP but I dont need to specify and additional rights on the
LDAP server to make Radius able to connect to the LDAP. 
I guess this would require read permissions for the user/password

It this page here is still current 

http://deployingradius.com/documents/protocols/compatibility.html [1] 

I'd have to go for TTLS-PAP only anyway even if the LDAP was connected

With kind regards
 Marlen Caemmerer

 Alice Salomon Hochschule
 Marlen Caemmerer
 Alice-Salomon-Platz 5
 12627 Berlin

 Email: caemmerer at ash-berlin.eu

[1] http://deployingradius.com/documents/protocols/compatibility.html

More information about the Freeradius-Users mailing list