13 Apr
2006
13 Apr
'06
3:20 p.m.
=?gb2312?B?y+8gx78=?= <sumner007@hotmail.com> wrote:
now i can use EAP/MD5 get the authentication well. but when we use EAP/TLS, the client cannot be authenticated ~~ I don't whether it's the problem of the freeradius server configure or CAs or anyother
EAP-TLS authenticates users by seeing if the certificate they supply is signed by the certificate that the RADIUS server has. You're not doing that:
rlm_eap_tls: <<< TLS 1.0 Handshake [length 05d2], Certificate --> verify error:num=18:self signed certificate
The user is supplying a self-signed certificate, so the server has no way of validating who they are. Alan DeKok.