Is it possible to specify which authorization mode is being used?

Kristian Faller kristian.faller at remarkable.no
Mon Aug 10 12:57:29 CEST 2020


Hi Mr. DeKok,

Thank you for your reply and for clarifying what side of the connection
determines what protocol is being used. I will read on your website and in
mods-available/eap as well.

ons. 5. aug. 2020 kl. 14:07 skrev Alan DeKok <aland at deployingradius.com>:

> On Aug 5, 2020, at 4:48 AM, Kristian Faller <kristian.faller at remarkable.no>
> wrote:
> > Is it possible to specify which authentication mode and tunnel type are
> > being used?
>
>   Yes and no.  The client is the one which chooses a particular EAP type.
> But the server has to be configured to accept it.
>
> > If yes, what files do I need to modify in order to do this? I
> > have tried reading the documentation and looking through some of the
> config
> > files, but as a complete beginner at this, I'm not sure if I'm even
> looking
> > in the right places.
>
>   mods-available/eap has full documentation.
>
>   The default configuration is designed to work in as many situations as
> possible.  So generally it's just add a "known good" name/password to the
> config, and most EAP types will work.
>
>   I have a full guide on my site:  http://deployingradius.com
>
> > Background: I work with software testing for reMarkable (we create an E
> ink
> > tablet based on Linux), and we want to conduct more specified testing on
> > WPA Enterprise (802.1X over Wi-Fi). At the moment we have done testing on
> > our network gear which consists of Ubiquiti Unifi which only implements
> > eap_peap with MSCHAPv2. While this is probably used for many companies
> all
> > over the world, we would like to test other kinds of authentication and
> > tunnel types, thus I started setting up FreeRadius on a Raspberry Pi 4,
> > running Ubuntu 19.10 for IoT devices.
>
>   If you use wpa_supplicant, it will work everywhere, with everything.
>
> > Our tablet runs a flavor of Linux, using wpa_supplicant and should (in
> > theory) be able to connect to most kinds of network. However, we know
> that
> > certificate-based networks won't work at the moment due to not having a
> way
> > to import licenses. However, I do believe there are other types of
> networks
> > not needing certificates, and these are the ones we'd like to test.
>
>   EAP-TLS needs client certificates.  Other EAP types (PEAP, TTLS) still
> need to have a CA certificate configured on the client.
>
> > I got FreeRadius up and running, but for every connection attempt, I can
> > see from the output with "freeradius -X" that eap_peap and MSCHAPv2 are
> > used. I want to be able to set specific (valid) values so that our
> company
> > can implement and properly test the different variations of auth modes
> and
> > tunnels.
>
>   See my web site.  There are example configuration for eapol_test to test
> most EAP types.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 

*Kristian Faller*

QA Engineer



kristian.faller at remarkable.com

+47 908 06 444 <+4790806444>



Biermanns gate 6, 0473 Oslo, Norway <https://goo.gl/maps/YU24JR1ZYQM2>

remarkable.com



[image: cid:85D31282-3FFB-4F74-B5D9-6CB7ED4003E7]



The privileged confidential information contained in this email is intended
for use only by the addressees as indicated by the original sender of this
email. If you are not the addressee indicated in this email or are not
responsible for delivery of the email to such a person, please kindly reply
to the sender indicating this fact and delete all copies of it from your
computer and network server immediately. Your cooperation is highly
appreciated. It is advised that any unauthorized use of confidential
information of REMARKABLE AS is strictly prohibited.


More information about the Freeradius-Users mailing list