Why exactly do you want to do this instead of using standardized EAP- TLS? You'll have to write your own code upates to FreeRADIUS, and I know of *no* supplicants that will operate in this fashion. Seems like a lot more trouble than using what's already there, especially when you get into situations like where the certificate won't fit into one EAPOL packet, which is constrained by the MTU. --Mike On Mar 7, 2007, at 12:53 PM, Diameter K wrote:
Hi All, I want to configure free-radius to handle a simple EAP described below.
1. Radius receives a IDENTITY message. The IDENTITY message contains a encrypted certificate. 2. The server decrypts and validates the Certificate and send out a EAP-Success or EAP-Failure.
Is there any way i can configure freeradius to achieve this flow or would i have to modify the code. As i understand the standard flows are much more complicated(with challenge), which i dont want.
Thanks & Regards, Shiv
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html