...
Technically, three backend cases need to be considered for deployment:
Backend stores passwords in... | PEAP-MSCHAPv2? | TTLS? |
---|---|---|
plain text or reversibly encrypted | Yes | Yes (TTLS-PAP, TTLS-MSCHAPv2) |
NT-Hash | Yes | Yes (TTLS-PAP, TTLS-MSCHAPv2) |
other irreversible encryption | No | Yes (TTLS-PAP) |
Where both options are possible, we suggest the following order of preference: TTLS-MSCHAPv2, PEAP- MSCHAPv2, TTLS-PAP (in descending order of preference).
...
Code Block |
---|
<Handler Realm=group_1> <AuthBy FILE> Filename %D/users EAPType TTLS, PEAP EAPTLS_CAFile %D/root.pem EAPTLS_CertificateFile %D/server.pem EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile %D/server.pem EAPTLS_PrivateKeyPassword serverkey EAPTLS_MaxFragmentSize 1024 EAPAnonymous anonymous@group1 AutoMPPEKeys </AuthBy> </Handler> |
Sample configuration file
An example configuration script can be downloaded from http://www.eduroam.org/downloads/docs/eduroamcookbookscripts.zip.