I've managed to get freeradius 1.0.1 working with EAP-TTLS, PEAP, and TLS (mostly), but I found that with EAP-TLS, I can use any client certificate I want, and freeradius will allow the client through. This presents a major security hole in my configuration, and I can't seem to figure out how to lock it down.
Is there a way to configure freeradius to only accept client certs issued by a specific CA? Either that or only allow a specific set of certs (say, copies of the certs in a directory, for example); either way would be fine for my purposes.

--
Jon Franklin
[EMAIL PROTECTED]