From 3d763afe9c4b89ccce81ef556f53b92e3a4942e4 Mon Sep 17 00:00:00 2001 From: Nachtfalke Date: Thu, 12 Jan 2012 23:31:38 +0100 Subject: Update config/freeradius2/freeradiuseapconf.xml --- config/freeradius2/freeradiuseapconf.xml | 126 ++++++++++++++++++++++++++----- 1 file changed, 108 insertions(+), 18 deletions(-) diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index 309066f0..ff50dbc4 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml @@ -109,12 +109,17 @@ md5 - + + + + + + - Expiration of EAP-Response/Request List + Expiration of EAP-Response / EAP-Request List vareapconftimerexpire input @@ -150,20 +155,19 @@ 4096 - EAP-TLS + CERTIFICATES FOR TLS listtopic Choose your Cert Manager vareapconfchoosecertmanager - To use the pfsense Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager). (Default: freeRADIUS)]]> - select + To use the pfsense Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).

+ uncheked: FreeRADIUS Cert-Manager (not recommended) (Default: unchecked)
+ cheked: pfSense Cert-Manager (recommended)]]> + checkbox radiuscertmgr - - - - + ssl_ca_cert,ssl_server_cert
SSL CA Certificate @@ -188,11 +192,70 @@ Private Key Password vareapconfprivatekeypassword - - The certificates created by pfSense Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]> + password whatever + + EAP-TLS + listtopic + + + Include Length + vareapconfincludelength + + select + yes + + + + + + + Fragment Size + vareapconffragmentsize + + input + 1024 + + + + + EAP-TLS - ENABLE CACHE + listtopic + + + Enable cache + vareapconfcacheenablecache + + The cache contains the following information:
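Review bot: The `vareapconfchoosecertmanager` checkbox defaults to unchecked, and the new description itself labels that state "FreeRADIUS Cert-Manager (not recommended)", so a fresh install starts on the option the package advises against. The Private Key Password field further down still carries the default `whatever`, the well-known sample value from the stock FreeRADIUS configuration, so the default path presumably relies on sample key material. Consider making the pfSense Cert-Manager the default, or saying in the description that the FreeRADIUS-managed certificates must be regenerated before production use. The added description lines also contain typos and should read `unchecked: FreeRADIUS Cert-Manager (not recommended) (Default: unchecked)` and `checked: pfSense Cert-Manager (recommended)`. The XML tags are not visible on this page, so which element each value belongs to is inferred.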

+ session Id - unique identifier, managed by SSL User-Name - from the Access-Accept Stripped-User-Name - from the Access-Request Cached-Session-Policy - from the Access-Accept

+ The "Cached-Session-Policy" is the name of a policy which should be applied to the cached session. This policy can be used to assign VLANs, IP addresses, etc. It serves as a useful way to re-apply the policy from the original Access-Accept to the subsequent Access-Accept for the cached session.

+ On session resumption, these attributes are copied from the cache, and placed into the reply list. You probably also want "use_tunneled_reply = yes" when using fast session resumption. (Default: Disable)]]>
+ select + no + + + + +
+ + Lifetime + vareapconfcachelifetime + + input + 24 + + + Max Entries + vareapconfcachemaxentries + + input + 255 + + + + EAP-TLS with OCSP support listtopic @@ -233,17 +296,25 @@ Default EAP Type vareapconfttlsdefaulteaptype - + select md5 + + + + + + + Copy Request to Tunnel vareapconfttlscopyrequesttotunnel - not in the tunneled authentication request, but which is available outside of the tunnel, is copied to the tunneled request. (Default: no)]]> + + By setting this configuration entry to 'yes', any attribute which NOT in the tunneled authentication request, but which IS available outside of the tunnel, is copied to the tunneled request. (Default: no)]]> select no @@ -254,7 +325,7 @@ Use Tunneled Reply vareapconfttlsusetunneledreply - + select no @@ -263,23 +334,42 @@ - EAP-PEAP with MSCHAPv2 + Include Length + vareapconfttlsincludelength + + select + yes + + + + + + + EAP-PEAP listtopic Default EAP Type vareapconfpeapdefaulteaptype - + select mschapv2 + + + + + + + Copy Request to Tunnel vareapconfpeapcopyrequesttotunnel - not in the tunneled authentication request, but which is available outside of the tunnel, is copied to the tunneled request. (Default: no)]]> + + By setting this configuration entry to 'yes', any attribute which NOT in the tunneled authentication request, but which IS available outside of the tunnel, is copied to the tunneled request. (Default: no)]]> select no @@ -290,7 +380,7 @@ Use Tunneled Reply vareapconfpeapusetunneledreply - + select no -- cgit v1.2.3
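Review bot: The new "Enable cache" description lists what is cached but not the trade-off: on resumption the User-Name and Cached-Session-Policy come from the cache rather than a fresh authentication, so a disabled account or a changed VLAN/policy may keep its old access until the entry expires. The Lifetime default of `24` has no unit in the visible text (presumably hours), so state the unit and add a sentence such as `Cached sessions are not re-evaluated until the lifetime expires; keep it short if accounts are revoked often.` In the same hunk the Private Key Password field becomes type `password`, which is good. However, the sentence telling admins to leave it empty for pfSense-created certificates appears to be removed with no replacement visible here, and that guidance is worth keeping next to the `whatever` default.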
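Review bot: The rewritten "Copy Request to Tunnel" description in the EAP-TTLS hunk is missing a verb: "any attribute which NOT in the tunneled authentication request" should read `any attribute which is NOT in the tunneled authentication request, but which IS available outside of the tunnel, is copied to the tunneled request.` The same sentence is repeated in the EAP-PEAP hunk (`@@ -263,23 +334,42 @@`) and needs the same fix. Since this option and "Use Tunneled Reply" decide which attributes cross the tunnel boundary, the help text is what an admin relies on when choosing, so it should be unambiguous.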