EAP-TTLS: Tunneled authentication
This documentation is a work in progress. This page is taken from the version 3 documentation, and has not yet been updated for version 4. The general approach of this page is correct, but you will have to update the syntax if you are using version 4. Contact InkBridge Networks for more details.
Goal: To configure the server to use the EAP-TTLS authentication protocol and to send and receive test packets.
Time: 20-35 minutes.
File:
- etc/raddb/sites-available/default
During installation the build system automatically creates certificates for use with TTLS. In a normal installation, there should be little or no action required to enable TTLS.
This exercise does not cover how to configure EAP-TTLS on the wireless client nor how to set up a wireless access point to perform EAP-TTLS. We suggest that you consult the documentation for your wireless client software for details on this process.
For the initial testing of EAP-TTLS, we recommend using PAP on the wireless client as the tunneled authentication protocol.
Once the wireless client has been configured to enable EAP-TTLS, you should perform a test authentication to the server. If all goes well, the server, AP, and wireless client should exchange multiple RADIUS Access-Request and Access-Challenge packets. This process should take a few seconds, and you should wait until it is done. If all goes well, the final packet from the server should be an Access-Accept and should contain the MS-MPPE-Recv-Key and MS-MPPE-Send-Key attributes.
Verify that the authentication succeeded by using the ping command to see if the wireless client now has network access.
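The final-packet check described above can also be run against a captured packet. The following is an added example, not part of the FreeRADIUS documentation: it parses the raw UDP payload of a RADIUS packet and reports whether it is an Access-Accept carrying both MPPE key attributes. The function names and the sample packets are constructed for illustration; the attribute numbers come from RFC 2865 and RFC 2548.

```python
import struct

# RADIUS packet codes (RFC 2865) and Microsoft vendor attributes (RFC 2548).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
VENDOR_SPECIFIC = 26
MICROSOFT = 311
MS_VSA = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}


def parse_radius(packet: bytes):
    """Return (code name, set of MS-MPPE attribute names) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    found, pos = set(), 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype = struct.unpack("!IB", value[:5])
            if vendor == MICROSOFT and vtype in MS_VSA:
                found.add(MS_VSA[vtype])
        pos += alen
    return CODES.get(code, f"code {code}"), found


def ttls_succeeded(packet: bytes) -> bool:
    """True when the packet is an Access-Accept carrying both MPPE keys."""
    name, vsas = parse_radius(packet)
    return name == "Access-Accept" and vsas == set(MS_VSA.values())


def build(code: int, attrs: bytes) -> bytes:
    """Constructed test packet: zeroed authenticator plus the given attributes."""
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs


def ms_vsa(vtype: int, data: bytes) -> bytes:
    """Constructed Microsoft vendor-specific attribute with placeholder data."""
    inner = bytes([vtype, 2 + len(data)]) + data
    return bytes([VENDOR_SPECIFIC, 6 + len(inner)]) + struct.pack("!I", MICROSOFT) + inner


# Constructed samples: a final Access-Accept and an intermediate Access-Challenge.
ACCEPT = build(2, ms_vsa(17, bytes(34)) + ms_vsa(16, bytes(34)))
CHALLENGE = build(11, bytes([79, 8]) + bytes(6))  # attribute 79 is EAP-Message
```

An Access-Accept that lacks either key attribute fails the check, which matches the success condition stated in the exercise.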