> 
> You can't use PEAP unless you have plaintext passwords stored in the 
> LDAP or NT/LM password hashes. To use LDAP bind to authenticate you will 
> need to use TTLS with PAP as inner tunnel authentication. This is how 
> you can configure your clients to use TTLS+PAP
> 

The passwords are revealed in plaintext.  Would prefer to use PEAP w/MsChapv2
as any XP client on our network will already have that.

Is there anything special to configure in the eap.conf?  I used certs.sh to
create the demoCA which I'm using for testing.

Thanks.

eap.conf

        eap {
                default_eap_type = peap
                timer_expire     = 60
                ignore_unknown_eap_types = no
                cisco_accounting_username_bug = no

                tls {
                        private_key_password = whatever
                        private_key_file = ${raddbdir}/certs/cert-srv.pem
                        certificate_file = ${raddbdir}/certs/cert-srv.pem
                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                        dh_file = ${raddbdir}/certs/dh
                        random_file = ${raddbdir}/certs/random
                }

                peap {
                        default_eap_type = mschapv2
                }
                mschapv2 {
                }
        }


