[RADIATOR] Help required with EAP TTLS

Heikki Vatiainen hvn at open.com.au
Sat Jan 8 03:40:04 CST 2011


On 01/07/2011 01:51 PM, Aman Arneja wrote:

> I also need some information regarding your ttls support since I am looking
> at a radius server that can service both SIM and TTLS requests, I need the
> answers to the following questions.

Good questions. Please see below for answers.

> Features
> Non-EAP inner methods - Which methods are supported?

There are plenty: the basic ones are PAP, CHAP, MSCHAP and MSCHAPv2.

The way Radiator has been built makes supporting different inner methods
easy. The inner method messages are dispatched as new RADIUS messages
and can be handled in the configuration as their own, not within TTLS.

In other words there is a lot of flexibility with the inner protocols,
and the ones mentioned above are usually supported and used by clients.

Do you have any specific methods in mind?

> Client auth during phase 1 - Supported, Not/Supported

Supported. The phase 1 message is available for authentication. You can,
for example, first validate the MAC address or check the WLAN SSID in the
outer request and only then proceed to continue with phase 2.

> Can identity privacy be explicitly enabled or disabled - on the client side
> Can session resumption be explicitly enabled or disabled - on the client side

Yes for both. The outer identity can be different from the inner
identity. Session resumption is supported by Radiator by default and can
be disabled from the client side.

> Method chaining in Phase 2

For this you would need to use Radiator with e.g., EAP-FAST where method
chaining has been well defined. With TTLS, methods can in theory be
chained with clever configuration, but I do not think Radiator has been
tested or used in such a configuration.

If you have something specific in mind, please let us know.

> Allowing tunnel method as inner method (FAST, PEAP)

This may never have been tested and I cannot verify if this works. If you
know a client that can do this, we would be very interested to know
about it.

> Also if you have any competitor analysis on this, like with free radius
> etc, that would be great !!

Please take a look at the Radiator technical information at
http://www.open.com.au/radiator/technical.html

I will check what analysis type of information we may also have.

> Thanx
> 
> Aman Arneja

Thanks!

Heikki Vatiainen

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
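
Added example, not part of the original message and not Radiator code: the reply says the non-EAP inner methods are dispatched as new RADIUS messages, and this sketch goes one step further to show why that is possible, since EAP-TTLS (RFC 5281) carries them inside the tunnel as Diameter-format AVPs that decode directly into RADIUS attributes. The function names and the sample payloads are assumptions constructed for illustration.

```python
import struct

# (vendor-id, code) -> RADIUS attribute name; 311 is Microsoft (RFC 2548).
NAMES = {(0, 1): "User-Name", (0, 2): "User-Password",
         (0, 3): "CHAP-Password", (0, 60): "CHAP-Challenge",
         (311, 1): "MS-CHAP-Response", (311, 11): "MS-CHAP-Challenge",
         (311, 25): "MS-CHAP2-Response"}

def encode_avp(code, data, vendor=0):
    """code(4) flags(1) length(3) [vendor-id(4)] data, zero-padded to 4 octets."""
    flags = 0x40 | (0x80 if vendor else 0)  # M bit, plus V bit when vendor-specific
    length = (12 if vendor else 8) + len(data)  # length excludes the padding
    head = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if vendor:
        head += struct.pack("!I", vendor)
    return head + data + b"\x00" * (-length % 4)

def decode_avps(payload):
    """Turn the decrypted tunnel payload into a dict of inner request attributes."""
    attrs, pos = {}, 0
    while pos < len(payload):
        if len(payload) - pos < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", payload, pos)
        length = int.from_bytes(payload[pos + 5:pos + 8], "big")
        hdr = 12 if flags & 0x80 else 8
        if length < hdr or pos + length > len(payload):
            raise ValueError("AVP length outside payload")
        vendor = struct.unpack_from("!I", payload, pos + 8)[0] if flags & 0x80 else 0
        attrs[NAMES.get((vendor, code), f"{vendor}:{code}")] = payload[pos + hdr:pos + length]
        pos += length + (-length % 4)
    return attrs

def inner_method(attrs):
    """Name the inner method implied by the AVPs present, or None."""
    if "MS-CHAP-Challenge" in attrs and "MS-CHAP2-Response" in attrs:
        return "MSCHAPv2"
    if "MS-CHAP-Challenge" in attrs and "MS-CHAP-Response" in attrs:
        return "MSCHAP"
    if "CHAP-Password" in attrs:
        return "CHAP"
    return "PAP" if "User-Password" in attrs else None

# Constructed sample payloads (not captured traffic).
SAMPLE_PAP = encode_avp(1, b"alice") + encode_avp(2, b"secret".ljust(16, b"\x00"))
SAMPLE_MSCHAPV2 = (encode_avp(1, b"alice") + encode_avp(11, bytes(16), vendor=311)
                   + encode_avp(25, bytes(50), vendor=311))

if __name__ == "__main__":
    print([inner_method(decode_avps(s)) for s in (SAMPLE_PAP, SAMPLE_MSCHAPV2)])
```

In TTLS PAP the User-Password AVP is null-padded to a multiple of 16 octets, so the inner request handler strips trailing zero bytes before comparing.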

