Re: PEAP/TTLS and Client certificates
rdeboer wrote: I already enabled said option, the only problem is that this doesn't enforce the use of PEAP with a client certificate, as the TLS module is enabled and configured, it allows you to log in with just a client certificate using TLS. What I want is to enforce the use of not just TLS but PEAP with a client cert. The solution is to disable EAP-TLS by disallowing it. In the users file, do: DEFAULT EAP-Type == EAP-Type-TLS, Auth-Type := Reject Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP/TTLS and Client certificates
So a few weeks later and still not much further.. Has anyone got an idea how I could force PEAP sessions to supply client a client certificate? -- View this message in context: http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-tp3238845p3289077.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP/TTLS and Client certificates
rdeboer wrote: So a few weeks later and still not much further.. Has anyone got an idea how I could force PEAP sessions to supply client a client certificate? Read raddb/eap.conf. Look for client cert Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP/TTLS and Client certificates
I already enabled said option, the only problem is that this doesn't enforce the use of PEAP with a client certificate, as the TLS module is enabled and configured, it allows you to log in with just a client certificate using TLS. What I want is to enforce the use of not just TLS but PEAP with a client cert. Suppose I should have made that clearer in my post, sorry about that. -Remy -- View this message in context: http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-tp3238845p3289088.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP/TTLS and Client certificates
I'm using the Juniper Odyssey Access Client, you can download a trial from the Juniper website. So far it's the only supplicant I've come across that allows for PEAP or TTLS with client certificates. Drawback being you have to buy licenses for each instance of it running inside the company, which undoubtedly is going to cost a fortune. So if anyone out there has any idea of a free open source solution I'm game... About the perl module, I'll start looking into that, thanks for the tip. -- View this message in context: http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-tp3238845p3250321.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP/TTLS and Client certificates
Which OS? David On Thu, Nov 4, 2010 at 9:00 AM, rdeboer rem...@gmail.com wrote: I'm using the Juniper Odyssey Access Client, you can download a trial from the Juniper website. So far it's the only supplicant I've come across that allows for PEAP or TTLS with client certificates. Drawback being you have to buy licenses for each instance of it running inside the company, which undoubtedly is going to cost a fortune. So if anyone out there has any idea of a free open source solution I'm game... About the perl module, I'll start looking into that, thanks for the tip. -- View this message in context: http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-tp3238845p3250321.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP/TTLS and Client certificates
Mostly windows 7 but linux and OSX would be nice too.. -- View this message in context: http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-tp3238845p3250786.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html