Hi,

> I must be doing something wrong, as per Alan's advice I did visit
> deployingradius.com, and there it mentions that the validate server cert check
> box must be selected in the 802.1x supplicant config, however I cannot seem
> to find where to configure that option BEFORE the first successful
> connection. I know exactly how to do it once the profile is established, but
> before the client has successfully connected for the first time I cannot find
> where one would set this option.

the system is a little dumb. you need to create a manual connection if you
want to do it that way - the straight-connect method is too streamlined and
doesn't let you play like that

> Also, I have used the bootstrap script to generate the certs, but I wanted to
> check that the certs it is generating are what I need. I mentioned that I
> changed the parameters, just to be clear the only options I changed are the
> name of the entity (changed it to the name of our university, for the CA and
> the name of the server for the server cert) and the expiry time (set it to a
> date way into the future) that's it.
>
> I have also experimented with using different keys in the eap.conf file (
> using server.crt instead of server.pem, etc.) but each time the results are
> the same. Please see a copy of my eap.conf below:

no need to 'play' with things...the default template is pretty fine - just
change the paths if you want a 'Production' storage place...and check
permissions are right!

> #CA_file = ${cadir}/ca.pem

set this. it helps!

for performance/less packets...you probably want to set the default PEAP
and EAP-TTLS types to mschapv2 rather than the basic default of md5.

..and you really want to use that nice cache feature...oh yes.

alan