Univention Bugzilla – Bug 42728
Unable to deactivate auth via TTLS
Last modified: 2017-06-15 17:57:58 CEST
A customer tried to configure "certificate-auth-only" but this failed since newer windows version (8+) support TTLS and TTLS is always activated if MSCHAP* is deactivated.
Advisory: univention-radius.yaml freeradius/conf/auth-type/mschap: Activates the authentication over MSCHAPv2-in-EAP-in-PEAP-in-EAP-in-RADIUS (This takes precedence over freeradius/conf/auth-type/ttls) (Default: false) freeradius/conf/auth-type/ttls: Activates the authentication over MD5-in-EAP-in-TTLS-in-EAP-in-RADIUS (Only applicable if freeradius/conf/auth-type/mschap is false) (Default: true)
OK: code OK: manual test OK: advisory (wording r79460)
<http://errata.software-univention.de/ucs/4.2/37.html>