David Pullman wrote: > I've been reading the FAQs, the man pages, and going over mailing list > archives, and also the info at deployingradius.com. I thought I should > start by checking that I'm heading in the right direction before trying > building stuff. I'm proposing that we use Freeradius to authenticate > the connections to the wireless APs using the MIT Kerberos server. If > this is possible, would it be done using EAP-TTLS from the clients,
Yes. > and > the Auth-Type would need to be defaulted to Kerberos so that the > rlm_krb5 module would be used? I'm basing this on the Protocols page in > conjunction with a thread from earlier in October about EAP-TTLS and > Kerberos. Pretty much. If you follow the instructions in the previous thread, you can set: DEFAULT FreeRADIUS-Proxied-To := 127.0.0.1, Auth-Type = Kerberos Put that at the top of the "users" file, and EAP-TTLS with tunneled PAP should work. This also means having EAP-TTLS software on the clients (SecureW2 for Windows), and configuring them with PAP as the inner tunnel authentication method. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
