1. That's not how certificates work. You add those that you want to PREVENT from connecting (for whatever reason) to Certificate Revocation List (CRL). You suposedly do have control over who are certificates issued to. If you have no control over CA then you shouldn't be using them. 2. Is anything (reading config files etc.) written to the log when you restart the server? Ivan Kalik Kalik Informatika ISP Dana 29/5/2007, "anoop_c@sifycorp.com" <anoop_c@sifycorp.com> piše:
Hi 1 I know its eap-tls and certificate based. Earlier i was using Navis radius .In that for eap-tls we have to add certificate name to a specific user file. Like that here also user file is there can i make use of the user file so that only that user get authenticated,
2 Logs are not happening.In config changes required to get the same? Regards Anoop
Message: 2 Date: Mon, 28 May 2007 15:07:06 +0100 From: <tnt@kalik.co.yu> Subject: Re: log file for free radius 1.1.6 eap-tls authentication To: \"FreeRadius users mailing list\" <freeradius-users@lists.freeradius.org> Message-ID: <a8emGRAP.1180361226.4861000.tnt@kalik.co.yu> Content-Type: text/plain; charset=ISO-8859-2
This is EAP-TLS. This user has a valid user certificate and is accepted. If you don\'t want to go via certificates but use user/password, use EAP-TTLS with MS-CHAPv2 (or PAP or any other auth protocol).
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html