> One doubt, basically the operation between server and AP is the same in > EAP/TLS and PEAP but for the fact that in the former the user has a cert > and in the latter a screen should be prompted for the user to introduce > its login and passw so the RADIUS must check them in the users file?
I don't know for PEAP but with EAP-TLS, you just need the password for the key of the client-certificate on supplicant, and the password for the key of the server-certificate on the FreeRADIUS server. But this passwords don't go trough the network. (And you need the root/CA certificate on each side of course). Then on linux xsupplicant you can put the pass in your TLS config file, then the connexion is automatic. On windows maybe you have a prompt for password at each connexions, I'm working on it actually.... I hope I haven't say a mistake and that can help you. Fred > sorry for the basic question but I'm not able to get the prompt for my > user and I'm trying to discard any basic mistake in concepts > > thanks > > bfr > > > > isn't it? > ----- Mensaje original ----- > De: BLANCA FERRERO RODRIGUEZ <[EMAIL PROTECTED]> > Fecha: Martes, Mayo 25, 2004 8:45 am > Asunto: Re: peap user > >> >> > > I'm configuring PEAP. I think the freeradius config is Ok. >> > ... >> > > modcall: group authorize returns updated for request 0 >> > > rad_check_password: Found Auth-Type Reject >> > > rad_check_password: Auth-Type = Reject, rejecting user >> > >> > Nope, it's not. >> > >> > Alan DeKok. >> > >> >> I think that message comes because the user sent by my AP to the >> radius is not in my users file, and it matches a default user I >> added with Auth-Type = reject... but it makes sense doesn't it? >> >> >> bfr >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
