Beginner question

Alan DeKok aland at nitros9.org
Thu Jun 22 21:57:58 CEST 2006


Khan <freeradius at tykhan.net> wrote:
> My first one is to use several root CAs in an EAP-TLS config.
> There is a line for "root CA List", but how can I set 2 root CAs
> or more? I tried to have the line several times and also to
> separate the root CAs' file names by a comma (,). None of these attempts
> seems to work.
> What am I doing wrong? Is it possible to do it, and if so, how?

  I don't think it's possible.  But you can have one root CA sign
multiple other CAs.  It's called certificate chains, which the server
*does* support.

> The second one is regarding an EAP-TLS connection. My client gets
> authenticated properly using the certificates (CISCO's AP), but I
> noticed that when authenticated, there is no more "traffic" with the
> radius server.

  That's how RADIUS works.

> Is it possible to force FreeRadius or the CISCO AP to verify the
> authenticated client regularly, in a way similar to how DHCP is done?

  See Session-Timeout.

> I don't want to kill the connection, traffic between AP/client
> should still be running.

  That isn't how AP authentication works.

  Alan DeKok.
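
The certificate-chain layout suggested in the reply, as an added example that is not part of the original message: one root CA signs two subordinate CAs, and a client certificate issued by either subordinate verifies against that single root. All file names and subject names are constructed for the demonstration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (constructed names): one root CA signs two subordinate CAs,
# and a client certificate from either one verifies against that single root.
new_root() {   # $1 = file stem, $2 = common name (self-signed CA)
    openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
        -keyout "$1.key" -out "$1.pem" -subj "/CN=$2" -days 30 2>/dev/null
}
new_req() {    # $1 = file stem, $2 = common name (key + signing request)
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
        -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}
issue() {      # $1 = subject stem, $2 = issuer stem, rest = extra x509 options
    s=$1; i=$2; shift 2
    openssl x509 -req -in "$s.csr" -CA "$i.pem" -CAkey "$i.key" \
        -CAcreateserial -days 30 -out "$s.pem" "$@" 2>/dev/null
}
verifies() {   # $1 = trusted root, $2 = untrusted intermediate, $3 = leaf
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK$'
}
chain_demo() {
    d=$(mktemp -d) || return 2
    (
        cd "$d" || exit 2
        # Minimal config so the run does not depend on a system openssl.cnf.
        printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
            '[dn]' 'CN = placeholder' '[v3_ca]' \
            'basicConstraints = critical,CA:TRUE' \
            'keyUsage = critical,keyCertSign,cRLSign' > ca.cnf
        new_root root "Demo Root CA" && new_root other "Unrelated Root CA" || exit 2
        for n in 1 2; do
            new_req "ca$n" "Demo Site CA $n" &&
            issue "ca$n" root -extfile ca.cnf -extensions v3_ca &&
            new_req "client$n" "client$n.example" &&
            issue "client$n" "ca$n" || exit 2
        done
        # Both clients must chain up to the one trusted root, and neither may
        # chain to a root that never signed the subordinate CAs.
        verifies root.pem ca1.pem client1.pem &&
        verifies root.pem ca2.pem client2.pem &&
        ! verifies other.pem ca1.pem client1.pem
    )
    rc=$?
    rm -rf "$d"
    return "$rc"
}
chain_demo && echo "both subordinate-CA chains verify against the single root"
```

Here `root.pem` stands in for the one root CA the server trusts, while `ca1.pem` and `ca2.pem` are the intermediate certificates that accompany each client certificate as its chain.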


