...
```
<Client 192.168.10.200>
    Secret 6.6obaFkm&RNs666
    Identifier ACCESSPOINT1
    IdenticalClients 192.168.10.201
    RequireMessageAuthenticator
</Client>
```
This example is a client definition for 192.168.10.200, an access point. The "secret" is a string of (at best 16) characters that is used to encrypt the credentials sent in the RADIUS request.
...
Technically, three backend cases need to be considered for deployment:
| Backend stores passwords in... | PEAP-MSCHAPv2? | TTLS? |
|---|---|---|
| plain text or reversibly encrypted | Yes | Yes (TTLS-PAP, TTLS-MSCHAPv2) |
| NT-Hash | Yes | Yes (TTLS-PAP, TTLS-MSCHAPv2) |
| other irreversible encryption | No | Yes (TTLS-PAP) |
Where both options are possible, we suggest the following order of preference, from most to least preferred: TTLS-MSCHAPv2, PEAP-MSCHAPv2, TTLS-PAP.
...
```
<Handler Realm=group_1>
    <AuthBy FILE>
        Filename %D/users
        EAPType TTLS, PEAP
        EAPTLS_CAFile %D/root.pem
        EAPTLS_CertificateFile %D/server.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/server.pem
        EAPTLS_PrivateKeyPassword serverkey
        EAPTLS_MaxFragmentSize 1024
        EAPAnonymous anonymous@group1
        AutoMPPEKeys
    </AuthBy>
</Handler>
```
Sample configuration file
...