6 # Sample configuration for an EAP module that runs *inside*
7 # a tunneled method. It is used to limit the EAP types that
8 # can occur inside the inner tunnel.
10 # See also raddb/sites-available/inner-tunnel
12 # See raddb/modules/eap for full documentation on the meaning of these
13 # configuration entries.
16 # This is the best choice for PEAP.
# NOTE(review): MS-CHAPv2 offers little protection on its own; in this
# position it relies on the outer TLS tunnel, so clients must validate the
# outer server certificate before they send inner credentials.
17 default_eap_type = mschapv2
21 # This should be the same as the outer eap "max sessions"
29 # The default challenge, which many clients
31 #challenge = "Password: "
37 # See eap for documentation
41 # No TTLS or PEAP configuration should be listed here.
45 # You SHOULD use different certificates than are used
46 # for the outer EAP configuration!
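48 # Support for PEAP/TLS and RFC 5176 TLS/TLS is experimental.
49 # It might work, or it might not.
# NOTE(review): RFC 5176 defines RADIUS dynamic authorization
# (CoA/Disconnect); EAP-TLS is RFC 5216. Confirm which RFC was meant here.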
# NOTE(review): "whatever" is the sample passphrase, not a secret. Replace it
# together with the key it protects before deployment. Because the passphrase
# is stored in clear text here, this file and the private key should be
# readable only by the account the RADIUS server runs as.
52 private_key_password = whatever
# PEM file holding the inner server's private key. ${certdir} is presumably
# expanded from a variable defined outside this excerpt — confirm.
53 private_key_file = ${certdir}/inner-server.pem
55 # If the private key and certificate are located in
56 # the same file, then private_key_file and
57 # certificate_file must name the same file.
60 # If CA_file (below) is not used, then the
61 # certificate_file below MUST include not
62 # only the server certificate, but ALSO all
63 # of the CA certificates used to sign it.
# Same path as private_key_file above, so key and certificate share one PEM
# file. The file therefore needs the same restrictive permissions as a
# private key, even though it is also read as a certificate.
65 certificate_file = ${certdir}/inner-server.pem
67 # You may want different CAs for inner and outer
68 # certificates. If so, edit this file.
69 CA_file = ${cadir}/ca.pem
# NOTE(review): "DEFAULT" is an OpenSSL cipher-string keyword (assuming the
# value is passed to OpenSSL unchanged), so the suites actually offered depend
# on the OpenSSL build the server links against. Consider an explicit list
# that excludes NULL, export and anonymous suites — confirm against the
# clients that must connect.
71 cipher_list = "DEFAULT"
73 # You may want to set a very small fragment size.
74 # The TLS data here needs to go inside of the
75 # outer EAP-TLS protocol.
77 # Try values and see if they work...
78 # fragment_size = 1024
80 # Other needful things
# NOTE(review): presumably Diffie-Hellman parameters for DHE key exchange —
# confirm they were generated for this deployment at an adequate size
# (2048 bits or more) rather than copied from a sample tree.
81 dh_file = ${certdir}/dh
# NOTE(review): presumably seed input for the TLS library's random number
# generator — verify that it is unique per host and not shipped with a package.
82 random_file = ${certdir}/random
84 # CRL and OCSP things go here. See the main "eap" configuration.
87 # CA_path = /path/to/directory/with/ca_certs/and/crls/
90 # The session resumption / fast reauthentication
91 # cache CANNOT be used for inner sessions.