Enabling EAP-TTLS-PAP for wired usage

Matthew Newton mcn at freeradius.org
Wed Jun 15 18:04:45 UTC 2022

On 15/06/2022 18:53, Florent Vercourt wrote:
> I’m currently setting up a freeradius, and i would need some information on how to setup EAP-TTLS-PAP for a wired usage. Users will be identified via an LDAP database on the accounting will by via MySQL.

OK, that sounds fairly normal.

> I already understood how works EAP-TTLS and how to set it as the default_eap_type, but it is mainly for the PAP part, do i have to configure it myself in /etc/raddb/mods-enabled/eap in the ttls section, if so, what do i have to activate ? , or is it default-activated without having to configure it, otherwise where do i have to configure it ?

mods-enabled/eap just handles the EAP (TTLS) part. The inner encrypted 
data (PAP in your case) then passes through the "inner-tunnel" virtual 
server. Yes it's enabled by default.

See raddb/sites-enabled/inner-tunnel

Configure ldap and pap in there and you should be good to go.

> Could i communicate in PAP with my MySQL database, or do i have to authorize another protcol of communication ?

You would configure mysql (mods-enabled/sql) and then call "sql" where 
needed - presumably in sites-enabled/default in the accounting section.


More information about the Freeradius-Users mailing list