Khan <[EMAIL PROTECTED]> wrote:
> My first one is to use several root CAs in an EAP-TLS config.
> There is a line for "root CA List", but how can I set 2 root CAs
> or more? I tried to have the line several times and also
> separate the rootCAs file names by a comma (,). None of these attempts
> seems to work.
> What am I doing wrong? Is it possible to do it, and if so, how?

I don't think it's possible. But you can have one root CA sign multiple other CAs. It's called certificate chains, which the server *does* support.

> The second one is regarding an EAP-TLS connection. My client gets
> authenticated properly using the certificates (CISCO's AP), but I
> noticed that when authenticated, there is no more "traffic" with the
> radius server.

That's how RADIUS works.

> Is it possible to force FreeRadius or the CISCO AP to verify the
> authenticated client regularly in a similar way DHCP is done?

See Session-Timeout.

> I don't want to kill the connection, traffic between AP/client
> should still be running.

That isn't how AP authentication works.

Alan DeKok.
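The certificate-chain arrangement suggested in the reply above, sketched with the `openssl` command line as an added example that is not part of the original thread or of the FreeRADIUS project. All names (root, ca-a, ca-b, other-root, client-*) and files are constructed for the demo; it shows that clients issued by two different intermediate CAs validate against one trusted root, while a client issued under an unrelated root is rejected.

```shell
#!/bin/sh
# Constructed demo: one root CA signs two intermediate CAs, so clients issued
# by either intermediate validate against a single trusted root.
# Every name here (root, ca-a, ca-b, other-root, client-*) is made up.

new_key_csr() {   # new_key_csr NAME -> NAME.key, NAME.csr
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$1" 2>/dev/null
}

self_sign() {     # self_sign NAME -> self-signed CA certificate NAME.crt
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 30 \
        -extfile ca.ext -out "$1.crt" 2>/dev/null
}

sign() {          # sign NAME ISSUER [EXTFILE] -> NAME.crt issued by ISSUER
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 30 ${3:+-extfile "$3"} -out "$1.crt" 2>/dev/null
}

build_chain_demo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    # Extensions that mark a certificate as a CA.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    new_key_csr root && self_sign root || return 1
    for ca in ca-a ca-b; do
        new_key_csr "$ca" && sign "$ca" root ca.ext || return 1
    done
    new_key_csr client-a && sign client-a ca-a || return 1
    new_key_csr client-b && sign client-b ca-b || return 1
    # A client issued under an unrelated root must NOT validate.
    new_key_csr other-root && self_sign other-root || return 1
    new_key_csr client-x && sign client-x other-root || return 1
    cat ca-a.crt ca-b.crt > intermediates.pem
}

verify_client() { # exit status 0 only if NAME.crt chains up to root.crt
    openssl verify -CAfile root.crt -untrusted intermediates.pem \
        "$1.crt" >/dev/null 2>&1
}

build_chain_demo || exit 1
for c in client-a client-b client-x; do
    if verify_client "$c"; then echo "$c: accepted"; else echo "$c: rejected"; fi
done
```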