Bug 42728 - Unable to deactivate auth via TTLS
Unable to deactivate auth via TTLS
Product: UCS
Classification: Unclassified
Component: Radius
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.2-0-errata
Assigned To: Janek Walkenhorst
Daniel Tröder
Depends on:
  Show dependency treegraph
Reported: 2016-10-21 12:28 CEST by Sönke Schwardt-Krummrich
Modified: 2017-06-15 17:57 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2016101221000391
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2016-10-21 12:28:44 CEST
A customer tried to configure "certificate-auth-only" but this failed since newer windows version (8+) support TTLS and TTLS is always activated if MSCHAP* is deactivated.
Comment 1 Janek Walkenhorst univentionstaff 2017-05-12 18:58:19 CEST
Advisory: univention-radius.yaml

 Activates the authentication over MSCHAPv2-in-EAP-in-PEAP-in-EAP-in-RADIUS (This takes precedence over freeradius/conf/auth-type/ttls) (Default: false)

 Activates the authentication over MD5-in-EAP-in-TTLS-in-EAP-in-RADIUS (Only applicable if freeradius/conf/auth-type/mschap is false) (Default: true)
Comment 2 Daniel Tröder univentionstaff 2017-05-21 11:41:33 CEST
OK: code
OK: manual test
OK: advisory (wording r79460)
Comment 3 Janek Walkenhorst univentionstaff 2017-06-15 17:57:58 CEST