(RADIATOR) Question about PEAP authentication?

Hugh Irvine hugh at open.com.au
Fri Jan 23 17:38:19 CST 2004


Hello John -

You would typically use different Handlers for the three cases:

# define Handlers

<Handler TunnelledByTTLS = 1>
	# deal with inner TTLS
	.....
</Handler>

<Handler TunnelledByPEAP = 1>
	# deal with inner PEAP
	.....
</Handler>

<Handler>
	# deal with outer request
	.....
</Handler>


See the example in "goodies/eap_multi.cfg".

regards

Hugh


On 24 Jan 2004, at 06:56, John McFadden wrote:

> I've been testing EAP-TTLS and EAP-PEAP.
> I understand EAP-TTLS (FUNK) typically uses 'Anonymous' as the outer 
> userid and that is typically handled via a local file with an 
> anonymous entry.
> I got that to work ok but had a few problems trying to integrate 
> EAP-PEAP as it was trying to authenticate the inner userid in the 
> outer authentication and of course that id was not in the file.
>
> It appears I need to add an appropriate AuthBy in the outer 
> authentication to handle that userid.
>
> ie:
>
> It appears EAP-PEAP uses the person's inner userid not anonymous and 
> that one would have to authenticate against a source that has those 
> ids instead of the local file.
> In my case that source is a domain controller so I'm using AuthBy LSA.
>
> I'm authenticating the inner request against a domain controller via 
> LSA so that means I should authenticate the outer request via LSA as 
> well.  I assume the outer request is checking to make sure the id is 
> valid as password is not available.
>
> So if I want to support both TTLS and PEAP I would have to use an 
> AuthByPolicy to support AuthBy File for TTLS and AuthBy LSA for PEAP 
> to handle the outer authentication?
>
> Any comments, suggestions?
>
> Thanks in advance
> John McFadden
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
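
The three-Handler layout from the reply above, filled in as an added example (it is not from the original thread and is not the contents of goodies/eap_multi.cfg). The domain name, certificate paths and key password are placeholders, and it assumes the users file holds whatever outer identities the clients send.

```conf
# Added example. Placeholders: EXAMPLE-DOMAIN, certificate paths, key password.
# Radiator tags tunnelled inner requests with TunnelledByTTLS=1 or
# TunnelledByPEAP=1, so the inner Handlers must come before the catch-all.

# Inner EAP-TTLS request: carries the real userid and password,
# so this is where the user is actually authenticated.
<Handler TunnelledByTTLS=1>
	<AuthBy LSA>
		Domain EXAMPLE-DOMAIN
	</AuthBy>
</Handler>

# Inner PEAP request: EAP-MSCHAPv2 with the real userid, checked
# against the same domain controller.
<Handler TunnelledByPEAP=1>
	<AuthBy LSA>
		Domain EXAMPLE-DOMAIN
		EAPType MSCHAP-V2
	</AuthBy>
</Handler>

# Outer request: only sets up the TLS tunnel for both EAP types.
# No user password is seen here; the server certificate and key
# below are what the client validates before sending credentials.
<Handler>
	<AuthBy FILE>
		# Assumption: this file contains the outer identities
		# (e.g. 'anonymous' for TTLS clients)
		Filename %D/users
		EAPType PEAP,TTLS
		EAPTLS_CAFile %D/certificates/ca.pem
		EAPTLS_CertificateFile %D/certificates/server.pem
		EAPTLS_CertificateType PEM
		EAPTLS_PrivateKeyFile %D/certificates/server.pem
		EAPTLS_PrivateKeyPassword CHANGE-ME
		EAPTLS_MaxFragmentSize 1000
		# Derive MPPE session keys for the NAS from the TLS session
		AutoMPPEKeys
	</AuthBy>
</Handler>
```

Because the password check happens only in the two inner Handlers, a trace 4 log should show each EAP conversation matching the catch-all Handler first and then one of the tunnelled Handlers.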
