Sergio Belkin wrote:
Hi,
I had been using EAP-TTLS, but as I've commented in an earlier post, I
have no luck with securew2 and Vista. So I am planning to use a
"secondary password" for radius in clear-text. But I'd want to know if
TTLS and PEAP can live together. My current eap.conf is as follows:
eap {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_file = /etc/pki/tls/certs/ips-spectrum-key.pem
        certificate_file = /etc/pki/tls/certs/ips-spectrum-crt.pem
        CA_file = /etc/pki/tls/certs/ips-ca-bundle.crt
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
        cipher_list = "DEFAULT"
    }
    ttls {
        default_eap_type = md5
        copy_request_to_tunnel = no
        use_tunneled_reply = yes
    }
    peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = no
        use_tunneled_reply = no
    }
    mschapv2 {
    }
}
Yes. If the supplicant doesn't support TTLS it'll NAK the offer of
EAP-TTLS and request PEAP. Default EAP type specifies the EAP type the
server initially attempts to negotiate with the supplicant.
--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
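
The Nak exchange described in the reply above, as an added example that is not part of the original thread and is not FreeRADIUS code: a minimal model of RFC 3748 method negotiation using the packet layout and type numbers from that RFC and the IANA EAP registry. The function names and the simplified server logic are assumptions made for illustration; method payloads (for example the TTLS/PEAP flags byte) are omitted.

```python
import struct

# EAP codes and method type numbers (RFC 3748 / IANA EAP registry)
REQUEST, RESPONSE, FAILURE = 1, 2, 4
NAK = 3
TYPES = {"md5": 4, "gtc": 6, "tls": 13, "leap": 17,
         "ttls": 21, "peap": 25, "mschapv2": 26}
NAMES = {v: k for k, v in TYPES.items()}

def eap_packet(code, ident, eap_type=None, data=b""):
    """Build an EAP packet: Code, Identifier, Length, then Type and Type-Data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(pkt):
    """Return (code, identifier, type or None, type-data); reject bad lengths."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet size")
    return code, ident, (pkt[4] if length > 4 else None), pkt[5:length]

def supplicant_reply(request, supported):
    """Accept the offered method, or send a Nak listing the methods we support."""
    _, ident, offered, _ = parse(request)
    if offered in supported:
        return eap_packet(RESPONSE, ident, offered)  # method payload omitted
    # A Nak carrying type 0 means "no acceptable alternative"
    return eap_packet(RESPONSE, ident, NAK, bytes(supported) or b"\x00")

def server_next(response, enabled):
    """After a Nak, offer the first requested method that is also enabled."""
    _, ident, eap_type, data = parse(response)
    if eap_type != NAK:
        return NAMES[eap_type], None  # supplicant accepted the offer
    for wanted in data:
        if wanted in enabled:
            return NAMES[wanted], eap_packet(REQUEST, (ident + 1) % 256, wanted)
    return None, eap_packet(FAILURE, (ident + 1) % 256)

def negotiate(default, enabled_names, supported_names):
    """Server offers `default` first; returns the agreed method name or None."""
    enabled = [TYPES[n] for n in enabled_names]
    supported = [TYPES[n] for n in supported_names]
    offer = eap_packet(REQUEST, 1, TYPES[default])
    method, _ = server_next(supplicant_reply(offer, supported), enabled)
    return method
```

In this model a Nak can only select a method that is in the server's enabled list, so the set of sections enabled in eap.conf bounds what a supplicant can negotiate.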