eap type for Windows client authentication without certificate
Tal Nur
nurtal at yahoo.com
Fri Sep 13 05:27:34 CEST 2019
Hi All,
I think I'm asking simple question.I installed FR 3.0.19 for eduroam and I used configuration files from eduroam.org.I noticed that my Windows clients must install CA certificate to successfully log in.My question is what type our EAP I should to use to allow them be authenticated without certificate?Is it possible to use both types of authentication at the same time?
Here is my eap file:
eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no tls { certdir = ${confdir}/certs cadir = ${confdir}/certs private_key_password = QwerAsdf1992! private_key_file = ${certdir}/server.key certificate_file = ${certdir}/server.pem ca_file = ${cadir}/ca.pem dh_file = ${certdir}/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" } ttls { default_eap_type = mschapv2 copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "eduroam-inner-tunnel" } peap { default_eap_type = mschapv2 copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "eduroam-inner-tunnel" } mschapv2 { } }
More information about the Freeradius-Users
mailing list