[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Enabling EAP-TTLS-PAP for wired usage
From:       Matthew Newton <mcn () freeradius ! org>
Date:       2022-06-15 18:04:45
Message-ID: 965de170-d453-6a3f-5805-b63fd29c5b68 () freeradius ! org
[Download RAW message or body]



On 15/06/2022 18:53, Florent Vercourt wrote:
> I'm currently setting up a freeradius, and i would need some information on how to \
> setup EAP-TTLS-PAP for a wired usage. Users will be identified via an LDAP database \
> on the accounting will by via MySQL.

OK, that sounds fairly normal.


> I already understood how works EAP-TTLS and how to set it as the default_eap_type, \
> but it is mainly for the PAP part, do i have to configure it myself in \
> /etc/raddb/mods-enabled/eap in the ttls section, if so, what do i have to activate \
> ? , or is it default-activated without having to configure it, otherwise where do i \
> have to configure it ?

mods-enabled/eap just handles the EAP (TTLS) part. The inner encrypted 
data (PAP in your case) then passes through the "inner-tunnel" virtual 
server. Yes it's enabled by default.

See raddb/sites-enabled/inner-tunnel

Configure ldap and pap in there and you should be good to go.


> Could i communicate in PAP with my MySQL database, or do i have to authorize \
> another protcol of communication ?

You would configure mysql (mods-enabled/sql) and then call "sql" where 
needed - presumably in sites-enabled/default in the accounting section.

-- 
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]