Hi,
I'm new to Freeradius and to Linux (Ubuntu Server 16.04) as well. I've got my first server up and running Freeradius v3 and can >successfully authorize users on my network with a username and password. Works great and was easy to do. My AXis ipCCTV cameras >require EAP-TLS and this is where I'm stuck.
My clients require a CA Certificate, a Client cert and private key, an EAP identity and Private key password for the EAP >identity. I'm not exactly sure where all this comes from.
FreeRADIUS provides example scripts that will create a CA, server cert and clients certs. you will want to modify those scripts for a productioon server (so that eg the realm, name etc are correct) - but most of it wokrs out of the box. for client certs, you will need to look at the client part of those scripts....and ensure that the FreeRADIUS server is configured correctly for EAP-TLS (check the eap module....or eap.conf for older versions)... the typical issue is that if you use your own CA (and intermediates if you go the extra mile), the client wont know them - so you need to ensure the client has the CA installed... this can be done with 802.1X deployment tools - commercial ones, free ones..and MDM solutions. alan