"McNutt, Justin M." wrote: > > Okay, new question: > > Now that I have the NAS talking to the RADIUS server properly, I need the RADIUS server to use something other than hard-coded passwords when it authenticates using Auth-Type := EAP. Here's an example from /usr/local/etc/raddb/users: > > gilpina Auth-Type := EAP > Port-Priority = Platinum, > Tunnel-Private-Group-Id = "201", > Tunnel-Type = 13, > Tunnel-Medium-Type = 6, > Service-Type = Framed, > NAS-Port-Type = Ethernet > > What would be the proper syntax for something like this: > > gilpina Auth-Type := EAP, Password == PAM > > or > > gilpina Auth-Type := EAP, Password == Unix >
There are 2 types of EAP authentications that are currently supported by Freeradius 1. EAP-MD5 2. EAP-TLS The one which you tested is EAP-md5. It is just similar to CHAP authentication. It works only with PLAIN TEXT passwords. So if you have plain text password stored in files, database or LDAP, then it works. EAP-TLS is Certificate based authentication. -- (( )) | |.| HereUAre !! |_| (( Raghu )) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html