Freeradius, Cisco SSC, eDirectory, EAP/(T)TLS Problem
Alan DeKok
aland at deployingradius.com
Thu Mar 27 09:22:54 CET 2008
Sven 'Darkman' Michels wrote:
> ...The
> only problem i had was "where to force the client cert when using
> eap/tls"
EAP-TLS *always* uses a client cert.
> which seems to work except that the cisco client simply don't offer a
> cert when using ttls. As far as i know, this requirement is not often
> met at any client (you posted some note about a while ago...)
Yes.
> so we're
> calling cisco today to clearify how we can do maschine and user
> authentification with forced clientcert (i can only do ttls for
> maschine AND user/pw auth and not doing like tls for maschine and ttls
> for user/pw - their client doesn't support that - the new client just
> crashes when the server requires a cert, horray ;).
Nice!
> Thanks for your help so far - the main issue was the old freeradius as
> it seems...
Yes. Upgrading is usually a good idea.
Alan DeKok.
More information about the Freeradius-Users
mailing list