Jérôme BERTHIER wrote: > I'm trying to configure Freeradius 2 to implement EAP/TTLS-PAP > authentication method on my Cisco AP1242. It works but I'd like some > precisions to get configuration files as small as possible.
Why? It's not like there are any CPU / memory / disk issues with having the files 10K larger than their "optimal" size. > What is the shortest way to configure it ? Have test cases for what you need. Delete modules until the test cases fail. Then, ensure that only those modules are in the configuration. > First, what's the right way to implement check for Simultaneous-Use ? > For cisco nas type, Freeradius seems to use snmp check but where should > I configure SNMP read community in order to make it possible ? In the checkrad script. > Then, during EAP process, is it possible to check if inner identity > equal outer identity and if not to reject request ? Yes. See "man unlang". You can check inner/outer attributes. > Finally, I've got problem with NetworkManager under Fedora 9 (not tested > on other distribution). If Session resumption / fast reauthentication > cache is not enabled, clients can't reassociate and ask for session > resumption again. Is there a workaround ? What does that mean? "if session resumption isn't enabled, clients ask for session resumption" ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
