Hi,

> PC 1: Supplicant. Access by NetworkManager.
> The credentials are: login= [EMAIL PROTECTED] passwd=david EAP=TTLS phase2=PAP
> PC 2: HostAP. It's correctly configured and works fine.
> PC 3: Proxy Freeradius. It has got a realm i2t defined, and proxies the
> access requests to the PC4.
> PC 4: Final Freeradius. It contains the credentials for the users of the
> i2t realm stored on an LDAP directory.
>
> The interconnection between the PCs is this one:
>
> PC1 <-----> PC2 <-----> PC3 <-----> PC4

Thank you for your clear documentation. As for your answers: the EAP is terminated on PC4 - thus the certificates need to be on PC4. PC3 is only a proxy server for the outer realm ID "i2t".

> The connections between PC1&PC2 and PC2&PC3 are encrypted. But, what
> about PC3&PC4? Is it also a secure communication?

PC3 to PC4 will be protected via the RADIUS shared secret.

> Once the tunnel has been created, what type of authentication method
> shall I use?

Any that you can support.

> Can I afford to use PAP with an LDAP directory at the backend PC?
> CHAP? GTC?

PAP is easy - but you could use e.g. MD5 or MSCHAPv2 - so long as the LDAP contains the correct password format available for FR to read (e.g. MD5 password or NT-hashed password for challenge-response).

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html