Hi,

 

            I´m trying to configure freeradius with PEAP + EAP-TLS, but I´m 
making some confusion to configure the radiusd.conf  (sections authorize and 
authentication) and eap.conf.

            Have someone implemented this configuration?

            In the eap.conf file the default eap type is TLS or PEAP?

            What I´ve to configure in the authorize and authentication sections?

            I´ve attached my conf files below.

 

            Best Regards ...

 

FreeRADIUS Version 1.0.1

 

eap.conf

 

eap {

default_eap_type = tls

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no

 

# Supported EAP-types

# EAP-TLS

tls {

private_key_password = xxxxxxxxxxx

private_key_file = ${raddbdir}/certs/freeradius_key.pem

certificate_file = ${raddbdir}/certs/freeradius_cert.pem

CA_file = ${raddbdir}/certs/demoCA/cacert.pem

dh_file = ${raddbdir}/certs/dh

random_file = ${raddbdir}/certs/random

fragment_size = 1024

 

include_length = yes

}

 

peap {

default_eap_type = tls

}

 

#tls {

#private_key_password = xxxxxxxxxx

#private_key_file = ${raddbdir}/certs/freeradius_key.pem

#certificate_file = ${raddbdir}/certs/freeradius_cert.pem

#CA_file = ${raddbdir}/certs/demoCA/cacert.pem

#dh_file = ${raddbdir}/certs/dh

#random_file = ${raddbdir}/certs/random

#fragment_size = 1024

#include_length = yes

#}

 

#mschapv2 {

#}

}

 

 

radiusd.conf (only authorize and authentication sections)

 

.

.

.

# Instantiation

 

instantiate {

}

#

authorize {

preprocess

files

mschap

eap

}

 

# Authentication.

authenticate {

Auth-Type MS-CHAP {

mschap

}

eap

}

.

.

.




"Mensagem protegida por sigilo profissional. Sua utilização indevida sujeita o 
infrator às penas da lei. Não sendo seu destinatário, por favor, elimine-a e 
informe o equívoco ao emitente."

"This e-mail message and any attachment are intended exclusively for the named 
addressee. They may contain confidential information which may also be 
protected by professional secrecy. Unless you are the named addressee (or 
authorised to receive for the addressee) you may not copy or use this message 
or any attachment or disclose the contents to anyone else. If this e-mail was 
sent to you by mistake please notify the sender immediately and delete this 
e-mail."
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to