Comment: mschapv2-password and username clarification

...

Property - Description

eap-methods (eap-tls | eap-ttls-mschapv2 | passthrough | peap; Default: passthrough) - Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points.
  • eap-tls - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties.
  • eap-ttls-mschapv2 - Use EAP-TTLS with MS-CHAPv2 authentication.
  • passthrough - Access Point will relay authentication process to the RADIUS server.
  • peap - Use Protected EAP authentication.

supplicant-identity (text; Default: Identity) - EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.

mschapv2-username (text; Default: ) - Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.

mschapv2-password (text; Default: ) - Password to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations.

tls-mode (verify-certificate | dont-verify-certificate | no-certificates | verify-certificate-with-crl; Default: no-certificates) - This property has effect only when eap-methods contains eap-tls.
  • verify-certificate - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration.
  • dont-verify-certificate - Do not check certificate of the remote device. Access Point will not require client to provide certificate.
  • no-certificates - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange.
  • verify-certificate-with-crl - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.

tls-certificate (none | name; Default: none) - Access Point always needs a certificate when tls-mode is set to verify-certificate or dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
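
An added example, not from the original page or from the vendor: a small Python check that applies the rules in the table above to security-profile settings and flags eap-tls profiles whose tls-mode leaves the remote device unauthenticated or unchecked. The export-style input lines, the profile and certificate names and the finding texts are constructed for illustration, and every profile is assumed to be used on an Access Point.

```python
import shlex

# Constructed sample: one "add key=value ..." line per profile (assumed, simplified format).
SAMPLE_EXPORT = """\
add name=guest-eap eap-methods=eap-tls tls-mode=no-certificates
add name=lab-eap eap-methods=eap-tls tls-mode=dont-verify-certificate tls-certificate=ap-cert
add name=corp-eap eap-methods=eap-tls tls-mode=verify-certificate tls-certificate=none
add name=corp-crl eap-methods=eap-tls,peap tls-mode=verify-certificate-with-crl tls-certificate=ap-cert
add name=radius eap-methods=passthrough
"""

# Defaults as listed in the property table.
DEFAULTS = {"eap-methods": "passthrough", "tls-mode": "no-certificates",
            "tls-certificate": "none"}

def parse_profile(line):
    """Turn one 'add key=value ...' line into a dict, filling in table defaults."""
    props = dict(DEFAULTS)
    for token in shlex.split(line)[1:]:
        key, _, value = token.partition("=")
        props[key] = value
    return props

def audit_profile(props):
    """Return findings for one Access Point profile, following the table's rules."""
    if "eap-tls" not in props["eap-methods"].split(","):
        return []  # tls-mode has effect only when eap-methods contains eap-tls
    findings = []
    mode = props["tls-mode"]
    if mode == "no-certificates":
        findings.append("anonymous Diffie-Hellman: no certificate authenticates either side")
    elif mode == "dont-verify-certificate":
        findings.append("certificate of the remote device is not checked")
    elif mode == "verify-certificate":
        findings.append("Certificate Revocation List is not consulted")
    if mode != "no-certificates" and props["tls-certificate"] == "none":
        findings.append("tls-certificate is none, but the Access Point needs one in this mode")
    return findings

def audit_export(text):
    """Map profile name -> list of findings for every 'add' line in the text."""
    report = {}
    for line in text.splitlines():
        if line.startswith("add "):
            props = parse_profile(line)
            report[props.get("name", "?")] = audit_profile(props)
    return report

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(name, "->", findings or "ok")
```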

...