Hello, colleagues.Thanks for the help. I was able to configure it. Can we add instructions to the site?
9 июля 2020 г., в 23:36, Alan DeKok <aland@deployingradius.com> написал(а):
On Jul 9, 2020, at 2:17 PM, Клеусов Владимир Сергеевич via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
Did I understand the procedure correctly ? 1) In the eap module we specify the root certificate 2) Creating client certificates and signing with this root certificate
EAP-TLS requires client certificates. TTLS does not.
3) On the windows client we add our root certificate to trusted root certificates 4) On the Windows client we add the generated client certificates to the trusted personal certificates
For EAP-TLS. Not for TTLS.
If this is true, does tttls/pap require certificates on the server and client ? I thought tttls/pap only requires certifications on the server
Doing *any* TLS requires that the Windows client knows about the root CA.
You *don't* need a client certificate for TTLS + PAP.
You *do* need a client certificate for EAP-TLS.
You *do* need a server certificate which is on FreeRADIUS. That server certificate *must* be signed by the root CA.
Alan DeKok.