Hi! By commenting the CA_file parameter in the eap->tls section:
# CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem *and* by setting CA_path parameter in the eap->tls section to an *empty* directory CA_path = ${raddbdir}/certs/trustedCAs should do the trick. No trusted CAs mean no trusted client certificates :-) Martin Gadbois wrote: > When enabling EAP-PEAP with FreeRADIUS, module EAP-TLS is required. > > How can I disable EAP-TLS while using EAP-PEAP? > > I agree that if the client does not have a client key, EAP-TLS will not > work. But how to restrict EAP-TLS in any case? -- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html