...
Technically, three backend cases need to be considered for deployment:
| Backend stores passwords in... | PEAP-MSCHAPv2? | TTLS? | 
|---|---|---|
| plain text or reversibly encrypted | Yes | Yes (TTLS-PAP, TTLS-MSCHAPv2) | 
| NT-Hash | Yes | Yes (TTLS-PAP, TTLS-MSCHAPv2) | 
| other irreversible encryption | No | Yes (TTLS-PAP) | 
Where both options are possible, we suggest the following order of preference: TTLS-MSCHAPv2, PEAP- MSCHAPv2, TTLS-PAP (in descending order of preference).
...
| Code Block | 
|---|
| 
<Handler Realm=group_1>
          <AuthBy FILE>
                    Filename %D/users
                    EAPType TTLS, PEAP
                    EAPTLS_CAFile %D/root.pem
                    EAPTLS_CertificateFile %D/server.pem
                    EAPTLS_CertificateType PEM
                    EAPTLS_PrivateKeyFile %D/server.pem
                    EAPTLS_PrivateKeyPassword serverkey
                    EAPTLS_MaxFragmentSize 1024
                    EAPAnonymous anonymous@group1
                    AutoMPPEKeys
           </AuthBy>
</Handler>
 | 
Sample configuration file
An example configuration script can be downloaded from http://www.eduroam.org/downloads/docs/eduroamcookbookscripts.zip.
