How to enable only EAP-TTLS type and not EAP-TLS?

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Jan 10 14:53:10 CET 2008


Hi,

>   RADIUS certificates for EAP should ALMOST ALWAYS be self-signed.  That
> means that no one else can successfully convince the users to send them
> the passwords.

seconded/thirded.  as UK eduroam support I agree that such a closed-loop
system provides a better protection.  though more config and deployment pains,
certainly ;-)

alan



More information about the Freeradius-Users mailing list