whopeman wrote: > I am fairly new to FreeRADIUS, so pelase bear with me a bit. I have > searched the forums and websites to find an implementation that allows me to > configure my server to process BOTH PEAP MSCHAP and PEAP/EAP-GTC (v0 and > v1). I have not found anyone trying to do this, but I am not working on a > production system this is for test purposes.
Don't use PEAPv1. It's even less documented than PEAPv0. It's used by pretty much no one. > My GOAL: > I am working to setup a test environment that allows us to test our products > using EAP-TLS, EAP-TTLS, LEAP, PEAP/MSChap, and PEAP/EAP-GTC. Don't use LEAP. It's insecure. Don't put it into new products, and don't allow people to configure it. > CURRENT: > What I have so far is a working system that processes everything except > PEAP/EAP-GTC. All authentication is performed through a local LDAP solution > (setup with CLEAR-TEXT again testing not production). FreeRADIUS does this in the default install, and contains EAP tests (src/tests) for all major EAP types. > I have run wireshark and grabbed the packet traces as well, when my client > connects it requests PEAP as the preferred auth type but FR seems to be > pushing v0 as the request type and does not seem to be allowing for v1. My > client does not handle this gracefully. Then the client is broken, and should be fixed. > My QUESTION: > Is there an easy way to configure FR to allow for both types of requests? Not really. By the time that the client has sent a PEAPv1 request, the EAP session has started. You can't switch EAP sessions from the "eap" module to the "eap2" module. > I > have been looking at the virtual server options without much luck in > understanding how to configure a secondary virtual server to provide a GTC > interface. If that is a recommendation, any guidance on setting up a > straight EAP-GTC via LDAP virtual server would be appreciated. Read eap.conf. Look for "gtc". This is documented. It works in the default install. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html