Hi,
> I must be doing something wrong, as per Alan's advice I did visit
> deployingradius.com, and there it mentions that the validate server cert check
> box must be selected in the 802.1x supplicant config, however I cannot seem
> to find where to configure that option BEFORE the first successful
> connection. I know exactly how to do it once the profile is established, but
> before the client has successfully connected for the first time I cannot find
> where one would set this option.
The system is a little dumb. You need to create a manual connection if you want
to do it that way - the straight-connect method is too streamlined and doesn't
let you play like that.
> Also, I have used the bootstrap script to generate the certs, but I wanted to
> check that the certs it is generating are what I need. I mentioned that I
> changed the parameters, just to be clear the only options I changed are the
> name of the entity (changed it to the name of our university, for the CA and
> the name of the server for the server cert) and the expiry time (set it to a
> date way into the future) that's it.
>
> I have also experimented with using different keys in the eap.conf file
> (using server.crt instead of server.pem, etc.) but each time the results are
> the same. Please see a copy of my eap.conf below:
No need to 'play' with things... the default template is pretty fine - just
change the paths if you want a 'Production' storage place... and check
permissions are right!
> #CA_file = ${cadir}/ca.pem
Set this. It helps!

For performance/less packets... you probably want to set the default PEAP and
EAP-TTLS types to mschapv2 rather than the basic default of md5.
...and you really want to use that nice cache feature... oh yes.
alan