Pardon the non-threaded replies. I'll have to find a client that works
with the list.
>> I'm still having trouble with the eap_gtc section, because when I remove
>> TLS or empty it or try to return reject, the server won't start. Is
>> removing the section the right way to not support an eap type on one
>> virtual server?
>
> Yes. Could you post the error?
I should have done that.
When TLS is empty (i.e. TLS {}):
rlm_eap: SSL error error:0200100E:system library:fopen:Bad address
rlm_eap_tls: Error reading certificate file (null)
rlm_eap: Failed to initialize type tls
When TLS is removed:
rlm_eap: Unable to load EAP-Type/ttls, as EAP-Type/TLS is required
first.
Or, if TTLS is also removed:
rlm_eap: Unable to load EAP-Type/peap, as EAP-Type/TLS is required
first.
This makes sense, as I'll need my server cert for PEAP. If those certs
have to be defined in the TLS block, what is the right way to disable
TLS in this case, but still have PEAP working? I tried deleting the
CA_file, so I wouldn't be able to verify user certs, but it's required.
Anyway, I don't want to offer TLS and fail it, I want to NAK it on
server2.
--
[EMAIL PROTECTED]
--
http://www.fastmail.fm - Does exactly what it says on the tin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
