Thanks. Ollie Teasley Linux Administrator ISMELL.SHOES, LLC On Tue, Feb 9, 2016 at 6:47 PM, Matthew Newton <mcn4@leicester.ac.uk> wrote:
On Tue, Feb 09, 2016 at 06:39:10PM -0600, John Teasley wrote:
6. PROBLEM, I don't want a private CA set globally. A vpn connection does not do this when using private CA. Also, wpa_supplicant works with out the CA being imported into the global store.
Ask the NetworkManager guys where they look for the root CA and if it's configurable? That's not really a FreeRADIUS problem.
7. I REALLY DONT LIKE THE SELF SIGNED / PRIVATE CA GLOBALLY.
Does anyone see any obvious mistakes in what a described above?
With EAP-TLS you are always going to have to install the private root CA on the clients. It just happens with wpa_supplicant you are configuring it to look where you want it to.
EAP-TLS depends on running a certificate infrastructure.
Matthew
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html