> I'm trying to configure freeradius with PEAP + EAP-TLS, but
> I'm getting confused configuring the radiusd.conf (sections
> authorize and authentication) and eap.conf.
>
> Has anyone implemented this configuration?
>
>  Yes.  Many people.
>
> In the eap.conf file, is the default eap type TLS or PEAP?
>
>  If you're doing PEAP, then it should be peap.
>
> What do I have to configure in the authorize and authentication
> sections?
>
>  For basic peap, not much.  Just configure "eap.conf".

OK. But I'm trying to use peap to make an encrypted tunnel validating the
server certificate, and then I want to authenticate the clients with EAP-TLS
using client/server certificate. The TLS tunnel is working fine, but the second
part of EAP-TLS authentication is not.

So... in the peap section in the eap.conf, what do I have to configure for the
default eap type? Is it tls? If I configure tls, do I have to create a tls
section in the peap section, or is the tls section of the eap.conf enough? I've
attached my eap.conf file.

Thanks!!


eap.conf

eap {
    default_eap_type = peap
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no

    # Supported EAP-types
    # EAP-TLS
    tls {
        private_key_password = xxxxxxxxxxxxxxxxx
        private_key_file = ${raddbdir}/certs/freeradius_key.pem
        certificate_file = ${raddbdir}/certs/freeradius_cert.pem
        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
        fragment_size = 1024

        include_length = yes
    }

    peap {
        default_eap_type = tls
    }

    #tls {
    #private_key_password = xxxxxxxxxxxxxxxxxxxxx
    #private_key_file = ${raddbdir}/certs/freeradius_key.pem
    #certificate_file = ${raddbdir}/certs/freeradius_cert.pem
    #CA_file = ${raddbdir}/certs/demoCA/cacert.pem
    #dh_file = ${raddbdir}/certs/dh
    #random_file = ${raddbdir}/certs/random
    #fragment_size = 1024
    #include_length = yes
    #}

    #mschapv2 {
    #}
}


> *FreeRADIUS Version 1.0.1*
>
>  Why not run 1.1.6, which has many more bug fixes and features?
>
>  Alan DeKok.
>--
>  http://deployingradius.com       - The web site of the book
>  http://deployingradius.com/blog/ - The blog


