[Spam?] Re: FYI, I gave up on eap-tls for OS X and ios.
aland at deployingradius.com
Sun Apr 2 23:01:39 CEST 2017
On Apr 2, 2017, at 3:45 PM, John Tobin <jtobin at po-box.esu.edu> wrote:
> This is kind of unnecessary, but:
> I would not write to this list with any problems, if I didn’t assume there
> were some people Who were an authority on this list.
Then why are you arguing with the answers you get on this list?
> I work with a number of colleagues who are also well meaning and
> knowledgeable on some of these topics.
> They forwarded to me the URL:
> I was only able to get the video to run on my mac under safari, Firefox
> and Crome had problems, so I would recommend safari to view it.
> It was put out last year as a security update : about 10 minutes in
> it goes over Apples new philosophy about certificates.
> With my Colleagues expertise [this is a bit above my head] I am lead to
> believe self signed certs [that aren’t logged] will not work.
> If there is a work around for this problem or this should not affect free
> Sure, tell me I am [once again] incorrect.
What I said was correct. I use a Mac to develop FreeRADIUS. Every day I I log into a WiFi network secured with EAP-TTLS, and certificates created using the methods in the FreeRADIUS source.
... as I said before.
> I am a part time student who is part of the helpdesk, and the default sys
> admin for a small linux lab I have built from spare parts and used
> computers for the computer science group at East Stroudsburg University.
Which means you should pay close attention to the advice on this list, instead of ignoring it.
> I have struggled to get free radius up and running for the lab, and
> frankly don’t have time to argue with experts,
Then why are you still arguing? Install FreeRADIUS. Use the certificates it creates. It *will* work.
Or at least... it's worked for everyone else. Maybe your network is magic.
> I am trying to get this lab
> running. I struggled with eap-tls on apple products and gave up, that
> doesn’t mean it doesn’t work: I think that falls more along the lines of
> it wasn’t simple and took more time than I had. If that makes me less than
> competent, that’s fair.
<shrug> Install FreeRADIUS, create the CA / server / client certs. The hardest part of the process is getting an Apple mobileconfig file.
> I changed the EAP profile for os x to support peap, which works.
Then create a client cert using the same CA, and EAP-TLS will work.
> I am not
> using tls currently, that may change.
> Thanks for the opportunity to know I am not the expert you are. In future
> I may need some of your expertise, so I don’t need to make enemies.
> Humble pie has a special flavor all it’s own.
> Love you all. [you can smile now].
I have no idea why people feel the need to explain how terrible FreeRADIUS is, when at the same time they're ignoring the advice we give.
More information about the Freeradius-Users