=?gb2312?B?y+8gx78=?= <[EMAIL PROTECTED]> wrote: > now i can use EAP/MD5 get the authentication well. > but when we use EAP/TLS, the client cannot be authenticated ~~ > I don't whether it's the problem of the freeradius server configure or CAs > or anyother
EAP-TLS authenticates users by seeing if the certificate they supply is signed by the certificate that the RADIUS server has. You're not doing that: > rlm_eap_tls: <<< TLS 1.0 Handshake [length 05d2], Certificate > --> verify error:num=18:self signed certificate The user is supplying a self-signed certificate, so the server has no way of validating who they are. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
