Hi, > RADIUS certificates for EAP should ALMOST ALWAYS be self-signed. That > means that no one else can successfully convince the users to send them > the passwords.
seconded/thirded. as UK eduroam support I agree that such a closed-loop system provides a better protection. though more config and deployment pains, certainly ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html