Troubleshooting EAP-TLS with External Certificates
Matthew Newton
mcn4 at leicester.ac.uk
Thu Sep 15 23:25:15 CEST 2016
On Thu, Sep 15, 2016 at 02:11:22PM -0700, Matthew West wrote:
> Off to learning CRLs and removing all non-EAP-TLS authentication
> mechanisms.
If you haven't already, check your config into git/svn/whatever so
you can go back to a working version if you break it. It helps,
really.
> After that, I should have the server functioning the way
> that was requested of me.
Just a last reminder that because you're using public certs, you
need to be *very* careful you don't let unwanteds in. For example,
check that another certificate with the subject something.acme.com
from the same CA won't validate.
> Thank you all for helping me along.
Good you've got it working. FreeRADIUS has very flexible and
powerful config but it can sometimes take a while to get your head
around it when you're not doing the very basics.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list