/etc/freeradius/3.0/mods-available/inner-eap is in freeradius-config 3.0.16+dfsg-1ubuntu3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# -*- text -*-
#
# $Id: 576eb7739ebf18ca6323cb740a7d4278ff6d6ea2 $
#
# Sample configuration for an EAP module that occurs *inside*
# of a tunneled method. It is used to limit the EAP types that
# can occur inside of the inner tunnel.
#
# See also raddb/sites-available/inner-tunnel
#
# See raddb/mods-available/eap for full documentation on the meaning of these
# configuration entries.
#
# EAP module instance for use *inside* a tunneled method. The method
# sub-sections listed under "Supported EAP-types" (md5, gtc, mschapv2,
# tls) are the inner methods this instance is configured for.
# NOTE(review): since the purpose of this file is to limit the inner
# EAP types, remove the sub-sections for methods your clients do not
# use, so the inner tunnel accepts no more than intended.
eap inner-eap {
# This is the best choice for PEAP.
default_eap_type = mschapv2
# See mods-available/eap for the meaning and units of this timer.
timer_expire = 60
# This should be the same as the outer eap "max sessions"
max_sessions = 2048
# Supported EAP-types
# EAP-MD5: challenge/response only, with no server authentication of
# its own; here it relies entirely on the outer tunnel for protection.
# NOTE(review): delete this sub-section if no client needs EAP-MD5.
md5 {
}
gtc {
# The default challenge, which many clients
# ignore..
#challenge = "Password: "
# The GTC response is handed to the PAP Auth-Type for checking, so
# the client's password crosses the inner tunnel in clear text and
# is protected only by the outer TLS session.
auth_type = PAP
}
mschapv2 {
# See eap for documentation
# send_error = no
}
# No TTLS or PEAP configuration should be listed here.
## EAP-TLS
#
# You SHOULD use different certificates than are used
# for the outer EAP configuration!
#
# You can create the "inner-server.pem" file by doing:
#
# cd raddb/certs
# vi inner-server.cnf
# make inner-server
#
# The certificate MUST be different from the "server.cnf"
# file.
#
# Support for PEAP/TLS and RFC 5176 TLS/TLS is experimental.
# It might work, or it might not.
# NOTE(review): "RFC 5176 TLS/TLS" looks like a slip for EAP-TTLS
# (RFC 5281); RFC 5176 covers RADIUS dynamic authorization. Confirm
# against upstream before relying on the reference.
#
tls {
# Placeholder passphrase. A value stored here is readable by anyone
# who can read this file (the package ships it as root:root 0644),
# so if the key really is passphrase-protected, tighten the file's
# ownership and mode and replace this value.
private_key_password = whatever
# ssl-cert-snakeoil.{key,pem} is the self-signed test pair created
# by the Debian/Ubuntu ssl-cert package. It is a packaging default,
# not a certificate issued for this RADIUS server.
# NOTE(review): if the outer eap module points at the same snakeoil
# pair, the "use different certificates" advice above is not met;
# verify, and generate a dedicated inner certificate for production.
private_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# If Private key & Certificate are located in
# the same file, then private_key_file &
# certificate_file must contain the same file
# name.
#
# If ca_file (below) is not used, then the
# certificate_file below MUST include not
# only the server certificate, but ALSO all
# of the CA certificates used to sign the
# server certificate.
certificate_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
# You may want different CAs for inner and outer
# certificates. If so, edit this file.
#
# ca_file is the set of CAs trusted to issue *client* certificates
# for inner EAP-TLS. The path below is the system-wide public CA
# bundle, so a certificate chaining to any CA in it would pass
# chain validation. For certificate-based authentication, point
# this at a private CA that issues only your own client certs.
ca_file = /etc/ssl/certs/ca-certificates.crt
# "DEFAULT" is OpenSSL's built-in cipher string; the resulting
# suite list depends on the installed OpenSSL version and build.
# NOTE(review): pin an explicit list if your policy requires one.
cipher_list = "DEFAULT"
# You may want to set a very small fragment size.
# The TLS data here needs to go inside of the
# outer EAP-TLS protocol.
#
# Try values and see if they work...
# fragment_size = 1024
# Other needful things
dh_file = ${certdir}/dh
random_file = /dev/urandom
# CRL and OCSP things go here. See the main "eap"
# file for details.
#
# check_crl is commented out below, so no revocation checking is
# configured in this file; a revoked client certificate would
# presumably still be accepted until it expires. Enable check_crl
# (with ca_path holding current CRLs) or OCSP if client
# certificates are used for authentication.
# check_crl = yes
# ca_path = /path/to/directory/with/ca_certs/and/crls/
# Accept an expired Certificate Revocation List
#
# allow_expired_crl = no
#
# The session resumption / fast re-authentication
# cache CANNOT be used for inner sessions.
#
}
}