Versions Compared

Old Version 6

changes.mady.by.user Stefan Winter

Saved on

compared with

New Version Current

changes.mady.by.user Wenche Backman-Kamila

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Technically, three backend cases need to be considered for deployment:

Backend stores passwords in...

PEAP-MSCHAPv2?

TTLS?

plain text or reversibly encrypted

Yes

Yes (TTLS-PAP, TTLS-MSCHAPv2)

NT-Hash

Yes

Yes (TTLS-PAP, TTLS-MSCHAPv2)

other irreversible encryption

No

Yes (TTLS-PAP)

Where both options are possible, we suggest the following order of preference: TTLS-MSCHAPv2, PEAP- MSCHAPv2, TTLS-PAP (in descending order of preference).

...

Code Block
<Handler Realm=group_1>
          <AuthBy FILE>
                    Filename %D/users
                    EAPType TTLS, PEAP
                    EAPTLS_CAFile %D/root.pem
                    EAPTLS_CertificateFile %D/server.pem
                    EAPTLS_CertificateType PEM
                    EAPTLS_PrivateKeyFile %D/server.pem
                    EAPTLS_PrivateKeyPassword serverkey
                    EAPTLS_MaxFragmentSize 1024
                    EAPAnonymous anonymous@group1
                    AutoMPPEKeys
           </AuthBy>
</Handler>
Sample configuration file

An example configuration script can be downloaded from http://www.eduroam.org/downloads/docs/eduroamcookbookscripts.zip.