But please do give the client the radius-server-cerificate so it knows which server to authenticate with. If you don't use that certificate anybody can set up a (intermediate) radius-server and make you authenticate with that (without you knowing it). After that, all your data will flow though this malicious server and information could be stolen!

gr, jelle



2008/9/6 Alan DeKok <aland@deployingradius.com>
Ahmet DÜLGAR wrote:
> Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps
> i choose peap because in documents says peap doesnt need clint side
> ceritficate

 Yes.

> still i cant understand the certificate types
> i create it by /etc/raddb/certs make
> is there other way to build only server side certificates or other type
> mode like peap

 Huh?  The certificates created by the Makefile in raddb/certs can be
used by the server.  It produces a client certificate, but there's no
requirement for you to use it.

> i dont want to give my custemers client certificates,

 Then don't.

> i will use freeradius in a hotel like a hotspot, so they will need only
> user name and pass
> they will se my ssid and try to login by user name and password, they
> shouldnt change any configiration or install anythink else, this is my
> project ,how can i do it simply

 Follow the instructions on my web site.  Don't give the clients a
certificate.  It's that easy.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html