1
18.7 Legacy Series / Enhancement: RADIUS EAP-TLS only configuration f/Wifi
« on: January 22, 2019, 12:46:23 am »
Greetings,
I am wondering if would be possible to add in options to the FreeRADIUS web administration to permit *only* EAP-TLS (and not EAP-TTLS), and exclude other insecure authentication methods, such as MD5, PAP, CHAP, etc. I am looking to use the OPNSense freeradius server for Wifi and deploy WPA2 Enterprise with server/client certificates used to authenticate and associate. When I manually edit the required configuration files used by freeradius, it is not working correctly for me so far, but I'm continuing to experiment.
It would be a cleaner approach if we could enhance the web administration fields, and have the option to selectively include/exclude options, such as CHAP, MSCHAPv2, MD5, EAP-TTLS, EAP-TLS, etc. Ultimately, I would like to only use EAP-TLS and exclude all others. Is this something that is a possibility? I'd also be happy to help test this out if anyone gives this a go.
Thank you in advance!
Jason
I am wondering if would be possible to add in options to the FreeRADIUS web administration to permit *only* EAP-TLS (and not EAP-TTLS), and exclude other insecure authentication methods, such as MD5, PAP, CHAP, etc. I am looking to use the OPNSense freeradius server for Wifi and deploy WPA2 Enterprise with server/client certificates used to authenticate and associate. When I manually edit the required configuration files used by freeradius, it is not working correctly for me so far, but I'm continuing to experiment.
It would be a cleaner approach if we could enhance the web administration fields, and have the option to selectively include/exclude options, such as CHAP, MSCHAPv2, MD5, EAP-TTLS, EAP-TLS, etc. Ultimately, I would like to only use EAP-TLS and exclude all others. Is this something that is a possibility? I'd also be happy to help test this out if anyone gives this a go.
Thank you in advance!
Jason