On Tue, Nov 15, 2011 at 01:58:25PM -0600, Whitlow, Michael wrote: > All, > > I have one minor issue to ask the group about. > > Using Freeradius to authenticate 802.1X wireless clients, I noticed that if I > try to connect to the wireless network and I purposely put in a bad password > I still get the popup to validate the server certificate. > > On the other radius implementations I am used to the cert validation does not > happen until after the user is authenticated. I imagine I have something > configured not quite right but I don't know what. > > So, in Freeradius is there a way to change it so the validate server > certificate comes only after successfull authentication? > > > Thanks much, > > Mike >
If the server cert is bogus, you should not send any authentication information down a compromised connection. It sounds like it is functioning correctly now and was broken then. Cheers, Ken - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html