On 07/09/2012 06:30 PM, Andreas Meyer wrote:
Ok, thank you for the hints! Everything is getting clearer by and by.
I just found out that I get entry into the WLAN with an android smartphone
by just using the username and password without using the ca.crt with
PEAP/MSchap2. I read in the protocols-table that only with EAP-TLS
certificates are used.
No, this is not true.
All TLS-based EAP methods REQUIRE a server cert - EAP-TLS, EAP-PEAP,
EAP-TTLS. If you aren't validating this server cert, you are vulnerable
to attack.
EAP-TLS is unique in that it also requires a CLIENT cert. TTLS/PEAP use
username/password to identify the client.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
