Ok I copied straight from the goodies (eap_misc I think..) and even used
certificates and still getting that error
EAP authentication is not Permitted
Current config is, just to clarify I have it working in freeradius, but want to
use our radiator….
<Handler TunnelledByTTLS=1,Realm=epmp.test.net>
AuthByPolicy ContinueWhileIgnore
<AuthBy FILE>
Filename %D/users-eap2
# This tells the PEAP client what types of
inner EAP requests
# we will honour
EAPType MSCHAP-V2,MD5,TLS,TTLS
# Need these for TLS
EAPTLS_CAFile %D/ca.pem
EAPTLS_CertificateFile %D/server.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/server.pem
EAPTLS_PrivateKeyPassword whatever
</AuthBy>
<Log FILE>
Filename %L/eaplog2
Trace 4
</Log>
</Handler>
<Handler Realm=epmp.test.net>
AuthByPolicy ContinueWhileIgnore
<AuthBy FILE>
Filename %D/users-eap
EAPType TTLS,TLS,MD5,MSCHAP-V2
EAPTLS_CAFile %D/ca.pem
EAPTLS_CertificateFile %D/server.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/server.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000.
AutoMPPEKeys
EAPTLS_PEAPVersion 0
EAPTLS_PEAPBrokenV1Label
</AuthBy>
<Log FILE>
Filename %L/eaplog
Trace 4
</Log>
</Handler>
Best regards,
Chris Chance
Network Enginner - CaribServe
Phone: +1 721 542-4233
Email: [email protected]
[cid:[email protected]]
From: Alan Buxey [mailto:[email protected]]
Sent: Tuesday, June 3, 2014 1:59 PM
To: Christopher Chance; [email protected]
Subject: Re: [RADIATOR] Trying to get Radiator to work with EAP-TTLS auth
Your handlers need to be the other way around. The inner needs to be listed
first. See the goodies directory for example. I'd advise an upgrade too
alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
