On 11/09/13 12:05, stefan.pae...@diamond.ac.uk wrote:
The alternative is getting your users to install something like
SecureW2 (which I believe requires a license now), and using
EAP-TTLS- PAP which submits the users password in plaintext, or I
believe more recent flavours of Windows support EAP-TTLS too.
If I remember correctly, when using EAP-TTLS-PAP, the top-level
default_eap_type should be "ttls", and then the default_eap_type in
the TTLS section should be "gtc" (which uses PAP by default).
AFAIK (and please correct me if I'm wrong), you cannot set the TTLS
default_eap_type setting to PAP.
That's because EAP-TTLS/PAP doesn't use EAP on the inner tunnel. Just
PAP. So "default_eap_type" is irrelevant.
You support EAP-TTLS/PAP by ensuring PAP is working in the inner tunnel
- by populating a cleartext or hashed password and calling the "pap"
module in the authorize/authenticate section, or other more specialised
configs.
EAP-TTLS/EAP-GTC is a different thing.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
