El fichero eap.conf quedaría como:
# Top-level settings of the EAP module.
# NOTE(review): this listing ends with a closing brace that has no visible opener. In a stock
# FreeRADIUS eap.conf these lines sit inside an "eap { ... }" section; confirm the opening
# line was not lost when the file was copied.
#
# EAP method the server proposes first. EAP-TLS (certificate-based) is selected;
# the two alternatives below are left commented out.
default_eap_type = tls
# default_eap_type = peap
# default_eap_type = ttls
# Lifetime of the entries that correlate EAP requests with their responses
# (seconds in stock FreeRADIUS; confirm against the installed version's documentation).
timer_expire = 60
# "no": an EAP type the server does not know is rejected rather than passed over.
ignore_unknown_eap_types = no
# Compatibility workaround for certain Cisco access points; disabled here.
cisco_accounting_username_bug = no
# Enables EAP-MD5 with default settings (empty section).
# NOTE(review): EAP-MD5 provides no server authentication and derives no session keys,
# so it should not be offered as an outer method on a wireless network. In this file it
# is referenced as the inner method of the ttls section; keep it only for that purpose.
md5 {
}
# Enables Cisco LEAP with default settings (empty section).
# NOTE(review): LEAP relies on an MS-CHAP-style exchange that is exposed to offline
# dictionary attack. The accompanying text says only TLS or PEAP will be used, so
# consider removing this section unless a legacy client still requires it.
leap {
}
# EAP-TLS settings: server key pair, trusted CA and supporting files.
# NOTE(review): no certificate revocation checking (e.g. check_crl) appears in this
# section; confirm how revoked client certificates are meant to be rejected.
tls {
# Passphrase protecting the private key, stored here in clear text. "whatever" is a
# placeholder: use a strong value and restrict read access on this file to the
# account the RADIUS daemon runs as.
private_key_password = whatever
# Server private key (PEM). Should be readable only by the RADIUS daemon account.
private_key_file = ${raddbdir}/certs/key_radius.pem
# Server certificate presented to supplicants during the TLS handshake.
certificate_file = ${raddbdir}/certs/cert_radius.pem
# CA certificate used to validate client certificates. Every certificate issued by
# this CA is accepted, so a CA dedicated to this service limits who can authenticate.
CA_file = ${raddbdir}/certs/CA/cacert.pem
# Diffie-Hellman parameters file.
dh_file = ${raddbdir}/certs/dh
# File used to seed the TLS library's random number generator.
random_file = ${raddbdir}/certs/random
}
# EAP-TTLS settings. The tunnel is built with the certificates from the tls section,
# so that section must be valid even when only TTLS is offered.
ttls {
# Inner (tunnelled) EAP method. EAP-MD5 is protected only by the outer TLS tunnel,
# so its safety depends on supplicants validating the server certificate.
default_eap_type = md5
# "no": attributes of the outer request are not copied into the tunnelled request.
copy_request_to_tunnel = no
# "no": reply attributes produced by the inner authentication are not returned to
# the NAS; the reply is built from the outer session.
use_tunneled_reply = no
}
# PEAP settings. As with TTLS, the tunnel uses the certificates from the tls section.
# NOTE(review): PEAP protects the inner MS-CHAPv2 exchange only if supplicants verify
# the server certificate (trusted CA and expected server name); document that
# requirement in the client configuration.
peap {
# Inner (tunnelled) EAP method; requires the mschapv2 section to be enabled.
default_eap_type = mschapv2
# "yes": attributes of the outer request are copied into the tunnelled request.
copy_request_to_tunnel = yes
# "yes": reply attributes from the inner authentication are returned to the NAS.
use_tunneled_reply = yes
# "no": when the tunnelled session is proxied, it is sent as plain MS-CHAPv2
# instead of EAP-MSCHAPv2.
proxy_tunneled_request_as_eap = no
}
# Enables EAP-MSCHAPv2 with default settings (empty section). The peap section uses
# it as its inner method; it should only ever be reached inside that TLS tunnel.
mschapv2 {
}
}
|
En este fichero tendremos que decidir qué tipo de
EAP vamos a utilizar; en nuestro caso, TLS o PEAP.