iOS mysterious issues on Freeradius 3.0.14

John Tobin jtobin at po-box.esu.edu
Thu Mar 23 19:34:10 CET 2017 

Where is the tls 1.2 negotiation documented, I am somewhat of a newbie, I
did search google for tls disable free radiusd, etc. didn¹t see anything
like a disable switch/ or option, but then I may not have been looking in
the right place. The only note that makes sense is one that says you
simply don¹t install the client cert.

The problem I am facing maybe using the Dot1xprofiler. It doesn¹t have all
the options I need to put in 1. Certificate[s], and a WPA password, and an
userid/passwprd pair. I may have a work around for that -> I build the
Dot1xprofile, then use the command line profile command to print out the
plist of the profile [profiles -L -o [pathAndFileName] -> run man on the
profiles command look at the examples] then edit the profile to include
wpa2  EncrptionType, and fill in a password, then use the profiles command
again to recreate [install] the profile with you updates. Well some thing
like that.

Give me a word on the tls situation. I do get it, if you don¹t include the
client cert, then the TLS [with the server cert installed] checks to make
sure you have the correct server, and the client authentication is by
userid / Password. But that is kind of a miss of true TLS which would need
both the server and the client cert supported.

tob

On 3/22/17, 18:16, "Freeradius-Users on behalf of A.L.M.Buxey at lboro.ac.uk"
<freeradius-users-bounces+jtobin=po-box.esu.edu at lists.freeradius.org on
behalf of A.L.M.Buxey at lboro.ac.uk> wrote:

>Hi,
>> The log snip below, shows test on os x Sierra, Windows 7 works, I have
>>not
>> had the time to test win 10.
>> So free Radiusd works, this is just an apple os x problem, server cert
>>is
>> self signed, dot1xprofiler is my profile app, and has both the signed
>>cert
>> [server.pem] and client cert [client.p12] generated by the make in
>> /etc/raddb/certs.
>
>well, client issue....TLS issue... I would suggest looking at my previous
>response
>and trying that config option out.
>
>alan
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list