Hi, On Tue, Aug 14, 2012 at 04:09:01PM +0100, Phil Mayers wrote:
On 14/08/12 15:57, Cotton, Jesse wrote:
I’ve read several posts about this and none have been helpful.
In the current version of the server, I think this is hard.
As mentioned, comment out CA_file in eap.conf. To reinforce it, you can add if (EAP-Type == "EAP-TLS") { reject } after 'eap' in the authorize section of your outer server (likely default), or add something like DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject to your users file.
It may be easier in the HEAD / 3.0 code.
It is - In 3.0, EAP-TLS has be separated from PEAP and EAP-TTLS. So you can update the TLS configuration in mods-enabled/eap to the new tls-config format, and then just comment out the tls {} section. (So, in the default 3.0 config, just comment out the tls{} section.) Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>