[RADIATOR] EAP-TTLS configuration guide for Radiator?

Heikki Vatiainen hvn at open.com.au
Mon Aug 22 16:23:40 CDT 2011 

On 08/22/2011 10:38 PM, Roberto Carlos wrote:

Hello Roberto,

> Hello, I've installed an evaluation version of Radiator and need to test 802.1x authentication on our Aruba wireless network using EAP-TTLS as the EAP method. 
> 
> We currently have a solution using PEAP-GTC up and running via a Cisco ACS (4.1 code), but are experiencing stability problems using that EAP type with the Mac OS 10.5 and 10.6 supplicant. Our ACS doesn't support EAP-TTLS, hence the Radiator trial. Our current design hands-off the auth request to our LDAP server (OpenLDAP) for verification and we'd like to implement the same scenario here, but substituting EAP-TTLS.

Radiator should work well with EAP-TTLS and Macs. I see no problems with
Aruba either.

> I've found a useful EAP-TTLS configuration guide for Interlink RAD-Series RADIUS Server here 
> http://www.interlinknetworks.com/app_notes/eap-peap.htm
> 
> and am wondering if a similar config guide exists for Radiator. That or any other suggestions to get my trial started would be most appreciated.

You may want to see goodies/eap_multi.cfg in the Radiator distribution.

TTLS authentication hits first the <Handler> clause. This clause takes
care of establishing the TLS tunnel. Once the tunnel is ready, <Handler
TunnelledByTTLS=1> takes care of the inner authentication. Instead of
<AuthBy FILE> you would use <AuthBy LDAP2> with the inner Handler.

For LDAP configuration, please see goodies/ldap.cfg

The reference manual will also be useful for checking the configuration
options.

This should get you started. Please let us know how it goes.

Thanks!
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list