Enabling EAP-TTLS-PAP for wired usage
Matthew Newton
mcn at freeradius.org
Wed Jun 15 18:04:45 UTC 2022
On 15/06/2022 18:53, Florent Vercourt wrote:
> I’m currently setting up a freeradius, and i would need some information on how to setup EAP-TTLS-PAP for a wired usage. Users will be identified via an LDAP database on the accounting will by via MySQL.
OK, that sounds fairly normal.
> I already understood how works EAP-TTLS and how to set it as the default_eap_type, but it is mainly for the PAP part, do i have to configure it myself in /etc/raddb/mods-enabled/eap in the ttls section, if so, what do i have to activate ? , or is it default-activated without having to configure it, otherwise where do i have to configure it ?
mods-enabled/eap just handles the EAP (TTLS) part. The inner encrypted
data (PAP in your case) then passes through the "inner-tunnel" virtual
server. Yes it's enabled by default.
See raddb/sites-enabled/inner-tunnel
Configure ldap and pap in there and you should be good to go.
> Could i communicate in PAP with my MySQL database, or do i have to authorize another protcol of communication ?
You would configure mysql (mods-enabled/sql) and then call "sql" where
needed - presumably in sites-enabled/default in the accounting section.
--
Matthew
More information about the Freeradius-Users
mailing list