Re: peap without client side certificate
But please do give the client the radius-server-cerificate so it knows which server to authenticate with. If you don't use that certificate anybody can set up a (intermediate) radius-server and make you authenticate with that (without you knowing it). After that, all your data will flow though this malicious server and information could be stolen! gr, jelle 2008/9/6 Alan DeKok [EMAIL PROTECTED] Ahmet DÜLGAR wrote: Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps i choose peap because in documents says peap doesnt need clint side ceritficate Yes. still i cant understand the certificate types i create it by /etc/raddb/certs make is there other way to build only server side certificates or other type mode like peap Huh? The certificates created by the Makefile in raddb/certs can be used by the server. It produces a client certificate, but there's no requirement for you to use it. i dont want to give my custemers client certificates, Then don't. i will use freeradius in a hotel like a hotspot, so they will need only user name and pass they will se my ssid and try to login by user name and password, they shouldnt change any configiration or install anythink else, this is my project ,how can i do it simply Follow the instructions on my web site. Don't give the clients a certificate. It's that easy. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap without client side certificate
No, not server certificate but CA certificate. Client uses CA certificate to validate server certificate end eliminate rogue servers. It is true that if Validate server certificate box isn't ticked credentials can end up on a rouge server. Ivan Kalik Kalik Informatika ISP Dana 7/9/2008, Jelle Langbroek [EMAIL PROTECTED] piše: But please do give the client the radius-server-cerificate so it knows which server to authenticate with. If you don't use that certificate anybody can set up a (intermediate) radius-server and make you authenticate with that (without you knowing it). After that, all your data will flow though this malicious server and information could be stolen! gr, jelle 2008/9/6 Alan DeKok [EMAIL PROTECTED] Ahmet DÜLGAR wrote: Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps i choose peap because in documents says peap doesnt need clint side ceritficate Yes. still i cant understand the certificate types i create it by /etc/raddb/certs make is there other way to build only server side certificates or other type mode like peap Huh? The certificates created by the Makefile in raddb/certs can be used by the server. It produces a client certificate, but there's no requirement for you to use it. i dont want to give my custemers client certificates, Then don't. i will use freeradius in a hotel like a hotspot, so they will need only user name and pass they will se my ssid and try to login by user name and password, they shouldnt change any configiration or install anythink else, this is my project ,how can i do it simply Follow the instructions on my web site. Don't give the clients a certificate. It's that easy. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap without client side certificate
Ahmet DÜLGAR wrote: Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps i choose peap because in documents says peap doesnt need clint side ceritficate Yes. still i cant understand the certificate types i create it by /etc/raddb/certs make is there other way to build only server side certificates or other type mode like peap Huh? The certificates created by the Makefile in raddb/certs can be used by the server. It produces a client certificate, but there's no requirement for you to use it. i dont want to give my custemers client certificates, Then don't. i will use freeradius in a hotel like a hotspot, so they will need only user name and pass they will se my ssid and try to login by user name and password, they shouldnt change any configiration or install anythink else, this is my project ,how can i do it simply Follow the instructions on my web site. Don't give the clients a certificate. It's that easy. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html