Allow PEAP and TTLS, but reject TLS

2009-03-20 Thread usawebbox
I'm using Freeradius 2.1.1. My setup has been successfully authenticating TLS, TTLS, and PEAP for a while. Now I would like to deny TLS in the EAP negotiation, although the users will still have client certificates. I don't know how to reject TLS without breaking PEAP/TTLS. Those methods require

Re: virtual server configuration

2008-03-21 Thread usawebbox
On Wed, 19 Mar 2008 07:30:53 +0100, Alan DeKok [EMAIL PROTECTED] said: [EMAIL PROTECTED] wrote: All you need is a server cert and private key. In PEAP, the client is the one who needs the CA cert, if he wants to verify the server cert, but even that is optional. The CA cert is

Re: virtual server configuration

2008-03-18 Thread usawebbox
I'm using FreeRADIUS Version 2.0.2, for host i686-suse-linux-gnu, built on Feb 14 2008 at 15:20:55 I got back to testing allowing only PEAP-GTC on one virtual server. I used the included self-signed certs this time, but as I suspected, the results were the same whenever I comment out CA_file:

Re: virtual server configuration

2008-03-13 Thread usawebbox
It also says: # If CA_file (below) is not used, then the # certificate_file below MUST include not # only the server certificate, but ALSO all # of the CA certificates used to sign the

Re: virtual server configuration

2008-03-12 Thread usawebbox
rlm_eap: Unable to load EAP-Type/peap, as EAP-Type/TLS is required first. This makes sense, as I'll need my server cert for PEAP. If those certs have to be defined in the TLS block, what is the right way to disable TLS in this case, but still have PEAP working? Don't issue client

virtual server configuration

2008-03-11 Thread usawebbox
Pardon the non-threaded replies. I'll have to find a client that works with the list. I'm still having trouble with the eap_gtc section, because when I remove TLS or empty it or try to return reject, the server won't start. Is removing the section the right way to not support an eap type on

virtual server configuration

2008-03-10 Thread usawebbox
I want to run two virtual servers on different ports, where one server allows PEAP-MSCHAPV2 and the other doesn't. It seems that only one eap.conf can be used. No. You can have multiple instances of the EAP module, just like anything else: eap foo { ... } eap bar { ...

virtual server configuration

2008-03-07 Thread usawebbox
I want to run two virtual servers on different ports, where one server allows PEAP-MSCHAPV2 and the other doesn't. It seems that only one eap.conf can be used. I can see how to separate the Authorize and Authenticate sections, but I haven't seen any documentation on the syntax to select or reject

1.01 install failure - invalid libtool archives?

2004-10-12 Thread usawebbox
I failed to install freeradius 1.0.1 on SUSE 9.1. A summary of the failures that I noticed is below. Make is using the install folder's version of libtool, so I don't know what went wrong. When I switch to my local, and updated, version of libtool, I get the same result. If someone has any

Error reading Trusted root CA list

2004-03-19 Thread usawebbox
I searched the docs and google for this error. Can it simply mean that it doesn't like my CA cert, which was issued from a Windows 2000 cert server - or have I failed to configure somewhere else? I've my 3 certs successfully for EAP-TLS on Windows IAS and Cisco ACS. radiusd does have permission