Eap.conf File - Extreme Networks Summit WM Technical Reference Manual

Version 5.1

The only difference with overwrite is that the password does not have to be the MAC address of the
device; it can be anything the administrator configures, provided it matches the value set on the
Summit WM Controller.
To use the Challenge Handshake Authentication Protocol (CHAP), which prevents the password from ever
being transmitted between the Summit WM Controller and the RADIUS server, switch the Auth-Type setting
to CHAP and change the Auth. Type in the WM-AD settings under the Auth & Acct tab to use CHAP.
#vocera badge example
"0009EF003BAF" Auth-Type := CHAP, User-Password == "0009EF003BAF"
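What the CHAP entry above puts on the wire, as an added example (not code from the manual or from FreeRADIUS): the CHAP-Password attribute carries a one-byte identifier plus MD5(identifier || password || challenge), and the server recomputes that digest from the cleartext password stored in the users file. The function names and the USERS dictionary are illustrative assumptions; the MAC address is the one from the entry above.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_chap_password(password: bytes, challenge: bytes, ident: int) -> bytes:
    """RADIUS CHAP-Password attribute value (RFC 2865): identifier + 16-byte digest."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def verify_chap(chap_password: bytes, challenge: bytes, stored_password: bytes) -> bool:
    """Server side: recompute the digest from the stored cleartext password."""
    if len(chap_password) != 17:
        return False  # malformed attribute
    ident, received = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored_password, challenge)
    return hmac.compare_digest(received, expected)


# Constructed stand-in for the users file (assumption, not FreeRADIUS code).
USERS = {"0009EF003BAF": b"0009EF003BAF"}


def authenticate(username: str, chap_password: bytes, challenge: bytes) -> bool:
    stored = USERS.get(username)
    return stored is not None and verify_chap(chap_password, challenge, stored)


if __name__ == "__main__":
    challenge = os.urandom(16)  # sent alongside the response (CHAP-Challenge)
    attr = build_chap_password(b"0009EF003BAF", challenge, ident=1)
    print("CHAP-Password:", attr.hex())  # digest only, no cleartext password
    print("accepted:", authenticate("0009EF003BAF", attr, challenge))
    # The same response does not verify against a different challenge.
    print("other challenge:", authenticate("0009EF003BAF", attr, os.urandom(16)))
```

Because the server must recompute the digest, the users entry has to hold the password in cleartext, which is why the entry above uses User-Password.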
You may also switch to MS-CHAP or MS-CHAPv2 in the Summit WM Controller and then format the
user entry as follows:
#vocera badge example
"0009EF003BAF" Auth-Type := MS-CHAP, User-Password == "0009EF003BAF"
This type of entry supports both MS-CHAP and MS-CHAPv2 authentication types from the Summit
WM Controller.
Note that RADIUS attributes cannot be returned for MAC-based authentication.
Example for 802.1X Authentication
To define a user for PEAP or TTLS authentication where a username/password combination is still
required, the user can be formatted as:
"username" Auth-Type := EAP, User-Password == "aDRM123"
However, this makes the user useful ONLY for EAP connections. Otherwise, format the user with
Auth-Type 'local' and FreeRADIUS will use the user entry for PAP, CHAP, and EAP auth-type
messages.

eap.conf file

For recent versions of FreeRADIUS, the configuration of EAP has been moved from the radiusd.conf file
into a separate file called eap.conf. If you don't have this file, look for these configuration items within
the radiusd.conf file itself.
The configuration of EAP support under FreeRADIUS involves the following steps:
1 Generate / Install Certificates
2 Configure eap.conf file
Generate / Install Certificates
In the scripts subdirectory of the FreeRADIUS distribution tarball there are scripts for creating root,
server, and client certificates. It is recommended to get a certificate issued by a real CA rather
than one generated by these utilities, since the default action of most wireless clients is to check the
certificate being used on the server side against a list of known CAs. Windows' wireless configuration
can relax this requirement by deselecting the checkbox for 'Validate server certificate'.
For PEAP and TTLS, only a server certificate needs to be installed. For TLS, both a server certificate and
a client certificate generated off the same root certificate need to be installed.
Summit WM Technical Reference Guide, Software Version 5.1
