On Thu, Sep 15, 2016 at 02:11:22PM -0700, Matthew West wrote:
Off to learning CRLs and removing all non-EAP-TLS authentication mechanisms.
If you haven't already, check your config into git/svn/whatever so you can go back to a working version if you break it. It helps, really.
After that, I should have the server functioning the way that was requested of me.
Just a last reminder that because you're using public certs, you need to be *very* careful you don't let unwanteds in. For example, check that another certificate with the subject something.acme.com from the same CA won't validate.
Thank you all for helping me along.
Good you've got it working. FreeRADIUS has very flexible and powerful config but it can sometimes take a while to get your head around it when you're not doing the very basics. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>