[EMAIL PROTECTED] wrote: > The first comment might be giving you just another place to provide your > CA cert, whereas the second comment clearly talks about not permiting > EAP-TLS. I say this, because I don't see why the CA would be required at > all if EAP-TLS will be denied.
Because PEAP uses certificates, too. The requirement for a CA cert comes from the requirements on certificate chains. It is not a PEAP requirement. PEAP just inherits that requirement because PEAP uses certificates. > All you need is a server cert and private > key. In PEAP, the client is the one who needs the CA cert, if he wants > to verify the server cert, but even that is optional. The CA cert is needed by OpenSSL to validate the server cert. > Anyway, can we say now that not providing a CA_file doesn't work? Provide a CA cert as instructed, either in CA_file or in certificate_file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html