[RADIATOR] Configurable parameters

Heikki Vatiainen hvn at open.com.au
Tue Jul 17 07:17:00 CDT 2012


On 07/17/2012 11:15 AM, Sudhir Harwalkar wrote:

> Does EAP-FAST and EAP-TTLS require USERNAME and Password for
> authentication or only Username is sufficient.

The answer depends on the inner authentication protocol. With EAP-TTLS
you can use PAP (EAP-TTLS/PAP) where you can accept any password without
checking it. EAP-TTLS/EAP-GTC should also do the same. With EAP-FAST you
can do EAP-FAST/EAP-GTC, I'm not sure if EAP-FAST/PAP is supported.

EAP-TTLS with MSCHAPv2 will not work. The v2 part in MSCHAPv2 requires
the server to prove it has access to the user's password. If the server
can not do this, the client refuses to continue the authentication process.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.




More information about the radiator mailing list