Hi,

> Okay, I've searched and searched for a hint, hopefully this isn't one of
> those RTFM messages, and hopefully I didn't read an invalid FM ;-)
>
> I'm trying to "emulate" the edunet network wireless roaming network, which
> primarily uses (in this order):
>
> EAP-TTLS
> PEAP
> EAP-MSCHAPv2
>
> My Access point is a router running the DD-WRT firmware which AFAICT should
> work fine for 802.1x support.
>
> I first started on this page:
> http://www.linuxinsight.com/building-debian-freeradius-package-with-eap-tls-ttls-peap-support.html
> which provides instructions on rebuilding the Debian freeradius 1.1.7
> package with ttls/peap/etc.
>
> I'm authenticating from our local NT domain since we already have it, and
> in theory, these particular auth choices all work fine with the ntdomain
> password - according to the "Deploying Radius: The Book" chart I found
> online.
>
> With that, and a few configuration options (like making sure the host was
> connected to the domain and ntlm_auth functioned as required), I've managed
> to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.
>
> EAP-TTLS works fine with an account in the "users" file that has a clear
> text password, as well as a local /etc/password account. Ideally this
> should work with the ntdomain as well.
> I'm testing with a laptop running XP, with the secureW2 package installed
> to provide TTLS.

If you are using EAP-TTLS/PAP then you'll need a plain text password - this can be done via Kerberos to the AD. Otherwise EAP-TTLS/MSCHAPv2 should work just like PEAP.

I'd advise to get rid of the DEFAULT Auth := System line from the users file.

alan