But please do give the client the radius-server-cerificate so it knows which server to authenticate with. If you don't use that certificate anybody can set up a (intermediate) radius-server and make you authenticate with that (without you knowing it). After that, all your data will flow though this malicious server and information could be stolen! gr, jelle 2008/9/6 Alan DeKok <aland@deployingradius.com>
Ahmet DÜLGAR wrote:
Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps i choose peap because in documents says peap doesnt need clint side ceritficate
Yes.
still i cant understand the certificate types i create it by /etc/raddb/certs make is there other way to build only server side certificates or other type mode like peap
Huh? The certificates created by the Makefile in raddb/certs can be used by the server. It produces a client certificate, but there's no requirement for you to use it.
i dont want to give my custemers client certificates,
Then don't.
i will use freeradius in a hotel like a hotspot, so they will need only user name and pass they will se my ssid and try to login by user name and password, they shouldnt change any configiration or install anythink else, this is my project ,how can i do it simply
Follow the instructions on my web site. Don't give the clients a certificate. It's that easy.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html