RE: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
Just confirming that I've tested this in the past and it works, but I believe the poster of the article is dubious about a production environment. When I tried it on wifi it took a second or so more to authenticate for some reason, so we eventually went with eap-tls instead because of this and because it was simpler. I did also get quite a few The EAP message did not complete but that could be coincidental. -Original Message- From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu s.org] On Behalf Of Phil Mayers Sent: 20 May 2013 10:51 To: freeradius-users@lists.freeradius.org Subject: Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ? On 20/05/13 09:02, Robert wrote: Hi I use freeradius v2.1.10 in Debian Squeeze 6.0.1. I want to know if freeradius supports the following methods : See here: http://notes.asd.me.uk/2012/01/20/freeradius-with-peap-eap-tls-for-micro soft-soh/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
Thank you! The configuration in the link works. The key is setting fragment_size correctly. But I am confused about the two methods : Is EAP PEAP/TLS = EAP PEAP/EAP-TLS ? Or they are two different methods? -Original Message- From: freeradius-users-bounces+robert_chen=favite@lists.freeradius.org [mailto:freeradius-users-bounces+robert_chen=favite@lists.freeradius.org ] On Behalf Of Phil Mayers Sent: Monday, May 20, 2013 5:51 PM To: freeradius-users@lists.freeradius.org Subject: Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ? On 20/05/13 09:02, Robert wrote: Hi I use freeradius v2.1.10 in Debian Squeeze 6.0.1. I want to know if freeradius supports the following methods : See here: http://notes.asd.me.uk/2012/01/20/freeradius-with-peap-eap-tls-for-microsoft -soh/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - 未在此訊息中找到病毒。 已透過 AVG 檢查 - www.avg.com 版本: 2012.0.2242 / 病毒庫: 3162/5839 - 發佈日期: 05/19/13 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
On Tue, May 21, 2013 at 08:03:48AM +0100, Franks Andy (RLZ) IT Systems Engineer wrote: Just confirming that I've tested this in the past and it works, but I believe the poster of the article is dubious about a production environment. Not at all - we are running it in production. The warning at the bottom is to make you think about what you're doing first, rather than to blindly copy my examples and then open yourself up to security issues that you haven't thought through. The examples are stripped down to their utter bare minimum - which is unlikely to be what you want in production. When I tried it on wifi it took a second or so more to authenticate for some reason, so we eventually went with eap-tls instead because of this and because it was simpler. I did also get quite a few The EAP message did not complete but that could be coincidental. It's been running fine here with a lot of laptops for over a year now. We usually see the EAP did not complete errors from bad wireless signals or misconfigured EAP timers. As the article says - the only real benefit is to get SoH data from the device. If you don't want/need that, you're fine with plain EAP-TLS (and with less round trips, it will auth faster, too). Cheers Matthew -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
On Tue, May 21, 2013 at 03:21:33PM +0800, Robert wrote: Thank you! The configuration in the link works. The key is setting fragment_size correctly. Yes, that was the gotcha. But I am confused about the two methods : Is EAP PEAP/TLS = EAP PEAP/EAP-TLS ? Or they are two different methods? Same thing, but usually referred to as PEAP/EAP-TLS (or sometimes, probably incorrectly, EAP-PEAP/EAP-TLS). Matthew -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
It supports EAP with TTLS, TLS and PEAP, yes. Look at EAP.conf - you can configure all supported options in there. Regards Stefan From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of Robert Sent: 20 May 2013 09:03 To: freeradius-users@lists.freeradius.org Subject: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ? Hi I use freeradius v2.1.10 in Debian Squeeze 6.0.1. I want to know if freeradius supports the following methods : l EAP PEAP/TLS l EAP PEAP/EAP-TLS ? The client I use is wpa_supplicant v0.6.9. Regards, Robert -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
On 20/05/13 10:25, stefan.pae...@diamond.ac.uk wrote: It supports EAP with TTLS, TLS and PEAP, yes. Look at EAP.conf – you can configure all supported options in there. Not sure you've understood what he's asking there; he wants to know if you can to PEAP with EAP-TLS as an inner. The main advantage to this is anonymous outer ID. I *think* FR supports this, but I can't remember the details or if there are any caveats. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
On 20/05/13 09:02, Robert wrote: Hi I use freeradius v2.1.10 in Debian Squeeze 6.0.1. I want to know if freeradius supports the following methods : See here: http://notes.asd.me.uk/2012/01/20/freeradius-with-peap-eap-tls-for-microsoft-soh/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
Ahhh. According to this conversation: http://freeradius.1045715.n5.nabble.com/PEAP-EAP-TLS-with-client-and-server-certificate-td2760634.html - FR does support PEAP-EAP-TLS :-) Stefan -Original Message- From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] On Behalf Of Phil Mayers Sent: 20 May 2013 10:49 To: freeradius-users@lists.freeradius.org Subject: Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ? On 20/05/13 10:25, stefan.pae...@diamond.ac.uk wrote: It supports EAP with TTLS, TLS and PEAP, yes. Look at EAP.conf - you can configure all supported options in there. Not sure you've understood what he's asking there; he wants to know if you can to PEAP with EAP-TLS as an inner. The main advantage to this is anonymous outer ID. I *think* FR supports this, but I can't remember the details or if there are any caveats. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Does freeradius support EAP PEAP/TLS or EAP PEAP/EAP-TLS ?
On 20/05/13 10:59, stefan.pae...@diamond.ac.uk wrote: Ahhh. According to this conversation: That's a really old conversation. See instead the link I posted in my other email. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
