On 03/05/2011 04:46 PM, Guy wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA
Enterprise 2, and I have it basically working. my iPhone/iPad are
able to authenticate and connect via the base station. However my
Mac (OSX 10.6 Snow leopard) Laptops are having issues.
I do not want to push out Client certificates to the laptops. I also
do not want people to have to perform any customisations on the
clients.
When the laptop attempts to join the network I get a nice login
window, with username/password. This is fine. However without
playing with the network settings (802.1x settings). I'm not able to
join the network because I do not have a client Cert:
EAP-TLS *requires* a client cert. If you want to use EAP-TLS, you will
have to do something on the clients.
If you want to use PEAP or something, there are two things to consider -
the default eap type in eap.conf:
eap {
default_eap_type = peap
...
}
...and the default EAP type on MacOS.
PEAP & TTLS require the "tls" EAP type to be configured I think; I'm not
sure you can disable EAP-TLS, as this will break PEAP & TTLS. The best
you can do is change the default types.
If changing it on the server doesn't accomplish it, then I think you're
going to have to do some config on the clients.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html