20 Nov
2017
20 Nov
'17
2:53 a.m.
Hello, I'm currently setting up a RADIUS server(v. 2.2.8) for the first time. I followed the instructions and could connect with EAP and PEAP to my server. Since I only want to use PEAP I disabled every other authentication method by commenting out everything else in /sites-enabled/default. This works fine, since I cant connect with normal EAP anymore. I went through the process of creating my own certificate with openssl and set everything up in eap.conf under eap-tls{}. In peap{} I added EAP-TLS-Require-Client-Cert = Yes. The problem is, that the client can connect to the server even though he doesnt have the correct client certificate. How can I tell the server to check the client certificate?