Freeradius authentication with SSL client certificates
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Nov 26 18:04:39 CET 2018
> On Nov 26, 2018, at 3:06 PM, Tom Yard <tomyyard at gmail.com> wrote:
>
> Hi people, I wanto to implement a Freeradius authentication scheme, using
> server and client SSL certificates: every client that require WiFI access
> has to have a valid SSL certificate.
>
> I think I have to use:
>
> Authetication methos: EAP-TLS
> Authentication protocol with NTLM: MSCHAP or MSCHAPv2
>
> My clients are Windows, Linux and maybe Android.
>
> Is my proposal correct ?
EAP-TLS can't carry and inner method, so not really. You can use EAP-TTLS with a client cert (so it behaves like EAP-TLS), and then run EAP-MSCHAPv2 as the inner method to do NTLM.
-Arran
More information about the Freeradius-Users
mailing list