Le 24/11/2017 à 12:46, Matthew Newton a écrit :
On Fri, 2017-11-24 at 11:58 +0100, Jérôme BERTHIER wrote:
And so, if we do NOT want to permit EAP-TLS authentication, we have to :
- comment out the attributes ca_file AND ca_path
- concatenate the server certificate and the CA certificate (as explained in comments) To disable EAP-TLS, just comment out the entire tls{} section in mods- available/eap.
You can comment out the CA options in tls-common as well if you want, but it should not be necessary.
Sorry I was confused about old setup from Freeradius 1.x when the tls section was mandatory for TTLS and PEAP. Now, to do TTLS and PEAP without tls, I note that we just have to : - setup the section tls-config tls-common {} where we can as well use ca_file or ca_path or concatenate server and CA certificate. - disable the section tls {} Thanks you for your answer Regards, -- Jérôme BERTHIER