What doc? What I find is in google [sorry, all I could find, no radiusd document came upŠ.] is below. No it doesn¹t work, problem hasn¹t changed, I am version radiusd 3.0.11, the vars I see are actually ca_file and ca_path | not CA_file and CA_path, but what do I know? I put back the original so I can run the windows clients. Is there some other place I am not looking? Sincerely, tob I lookup in google and I get: http://freeradius.1045715.n5.nabble.com/Disabling-EAP-TLS-while-keeping-EAP -PEAP-td2761895.html Which says: Jun 18, 2007; 6:09am Re: Disabling EAP-TLS while keeping EAP-PEAP <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=use r_nodes&user=108414> 36 posts In reply to this post <http://freeradius.1045715.n5.nabble.com/Disabling-EAP-TLS-while-keeping-EA P-PEAP-tp2761895.html> by Martin Gadbois Hi! By commenting the CA_file parameter in the eap->tls section: # CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem *and* by setting CA_path parameter in the eap->tls section to an *empty* directory CA_path = ${raddbdir}/certs/trustedCAs should do the trick. No trusted CAs mean no trusted client certificates :-) Martin Gadbois wrote:
When enabling EAP-PEAP with FreeRADIUS, module EAP-TLS is required.
How can I disable EAP-TLS while using EAP-PEAP?
I agree that if the client does not have a client key, EAP-TLS will not work. But how to restrict EAP-TLS in any case?
-- Beste Gruesse / Kind Regards On 3/23/17, 20:41, "Freeradius-Users on behalf of Alan DeKok" <freeradius-users-bounces+jtobin=po-box.esu.edu@lists.freeradius.org on behalf of aland@deployingradius.com> wrote:
On Mar 23, 2017, at 8:00 PM, John Tobin <jtobin@po-box.esu.edu> wrote:
Sorry, still lost:
If you want to disable tls 1.2, you follow the documentation and examples to disable it.
What part of that is unclear?
If you want to take this discussion off line because it is somewhat security sensitive, I am jtobin@po-box.esu.edu.
Questions belong on the list.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html