[EMAIL PROTECTED] wrote: > I did read that, but I was trying to reject TLS. It also says, "If you > do not use client certificates, and you do not want to permit EAP-TLS > authentication, then delete this configuration item", referring to > CA_file. I just want to point out that it appears you can't actually > delete that, although it would have been an intuitive way to deny > EAP-TLS. Hopefully, that was the original intent.
It also says: # If CA_file (below) is not used, then the # certificate_file below MUST include not # only the server certificate, but ALSO all # of the CA certificates used to sign the # server certificate. Please read ALL of the comments in a module you are configuring. Selectively reading them means that you miss vital information. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html