(RADIATOR) Radiator on Mandrake Server...

Mike McCauley mikem at open.com.au
Wed Jun 4 21:39:31 CDT 2003


Hello Andrea,

On Thu, 5 Jun 2003 11:38 am, Andrea Brancatelli wrote:
> Hello Mike,
>
> Thursday, June 5, 2003, 3:06:30 AM, you wrote:
> >> OpenSSL is 0.9.7. Actually I "just" seem to lack that file.
>
> MM> That is strange.
>
> OK, I compiled Net_SSLeay from CPAN and everything works well now.

Good.

>
> Now, sorry, I have a very stupid question for you. I'm pretty new to
> Radius et all the staff involve, so sorry again for the stupid
> question. My idea, looking at Windows XP, is that, using PEAP instead
> of EAP/TLS, there's no need to give a certificate to the supplicant,
> but looking at goodies/eap_peap.cfg I see one must still create the
> certificates and such...

With both TLS and PEAP you must have a certificate for the Radius server, and 
the client must also have a copy of the root certificate for the servers 
certificate.

The difference between TLS and PEAP is you dont need an individual certificate 
for the _client_.


>
> What am I missing? :D
>
> What's the difference betwen EAP/TLS and PEAP then?
>
> Isn't there a way to have a Supplicant just log in without any hassle
> of the certificate???

With PEAP, you will have to install the root certificate corresponding to the 
servers certificate on the supplicant. 

If the radius server is configured to use the test certificates we supply, you 
will ned to install root.der on each client. Just double-click on it to 
import the certificate.

If the radius server is configured to use a public certificate from a public 
certificate authority (verisgn etc), the root certificate is built in to XP.

Hope that helps.

Cheers.

>
> Thanks!
>
> --
> Saluti, Andrea Brancatelli
> http://andrea.brancatelli.it/      mailto:andrea at brancatelli.it

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list