sounds interesting can you post your tls section config
 
==================================================
 



----- Message d'origine ----
De : "Reimer Karlsen-Masur, DFN-CERT" <karlsen-masur@dfn-cert.de>
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Envoyé le : Lundi, 18 Juin 2007, 11h09mn 31s
Objet : Re: Disabling EAP-TLS while keeping EAP-PEAP

Hi!

By commenting the CA_file parameter in the eap->tls section:

# CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem

*and*

by setting CA_path parameter in the eap->tls section to an *empty* directory

CA_path = ${raddbdir}/certs/trustedCAs

should do the trick.

No trusted CAs mean no trusted client certificates :-)

Martin Gadbois wrote:
> When enabling EAP-PEAP with FreeRADIUS, module EAP-TLS is required.
>
> How can I disable EAP-TLS while using EAP-PEAP?
>
> I agree that if the client does not have a client key, EAP-TLS will not
> work. But how to restrict EAP-TLS in any case?

--
Beste Gruesse / Kind Regards

Reimer Karlsen-Masur

DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail