EAP-TTLS with phase2="autheap=TLS" ?
jkmaline at cc.hut.fi
Tue Feb 7 22:03:57 EST 2006
On Tue, Feb 07, 2006 at 05:56:52PM -0500, Andrea G Forte wrote:
> I am confused by the example in the supplicant config file. In particular:
> # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
> # authentication.
> * phase2="autheap=TLS" *
> It seems not to be a standard mode (phase2="autheap=TLS"). Earlier in
> the config file:
What do you mean by a "standard mode"? Both EAP-PEAP and EAP-TTLS can
use multiple different EAP methods inside the tunnel (phase 2). This
particular example is using EAP-TLS for inner authentication.
> there is no mention of this other mode. Also, freeradius does not
> support it (unless I have done something wrong) saying that TLS inside a
> TTLS tunnel is not possible.
You are correct about FreeRADIUS not supporting this, but this is a
valid EAP-TTLS configuration (though, certainly not very commonly used).
See eap_testing.txt for RADIUS servers that have been tested
successfully in this mode with wpa_supplicant.
Jouni Malinen PGP id EFC895FA
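
The configuration discussed in this thread, checked by a small script. This is an added example, not part of the original message and not wpa_supplicant code: it parses a network block and reports the outer method, the inner (phase 2) methods, and certificate options that are left unset. The sample block, its ssid, identity and file paths are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample; ssid, identity and paths are placeholders.
SAMPLE = '''
network={
    ssid="example"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.com"
    ca_cert="/etc/cert/outer-ca.pem"
    phase2="autheap=TLS"
    ca_cert2="/etc/cert/inner-ca.pem"
    client_cert2="/etc/cert/user.pem"
    private_key2="/etc/cert/user.key"
}
'''

def parse_network(text):
    """Return the key=value fields of the first network={...} block."""
    block = re.search(r"network=\{(.*?)\n\s*\}", text, re.S)
    if block is None:
        raise ValueError("no network block found")
    fields = {}
    for line in block.group(1).splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip().strip('"')
    return fields

def describe(fields):
    """Report outer method, inner methods, and unset certificate options."""
    outer, inner, problems = fields.get("eap"), [], []
    for item in fields.get("phase2", "").split():
        kind, _, method = item.partition("=")
        if kind == "autheap":        # EAP method carried inside the tunnel
            inner.append("EAP-" + method)
        elif kind == "auth":         # under TTLS: non-EAP inner method (e.g. PAP)
            inner.append(method if outer == "TTLS" else "EAP-" + method)
    if "ca_cert" not in fields and "ca_path" not in fields:
        problems.append("outer: no CA set, server certificate is not verified")
    if "EAP-TLS" in inner:
        # Assumes file-based credentials (no smartcard or engine key).
        for key in ("ca_cert2", "private_key2"):
            if key not in fields:
                problems.append("inner EAP-TLS: " + key + " not set")
    return {"outer": outer, "inner": inner, "problems": problems}

if __name__ == "__main__":
    print(describe(parse_network(SAMPLE)))
```
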