rlm_eap: Unable to load EAP-Type/peap, as EAP-Type/TLS is required first.
This makes sense, as I'll need my server cert for PEAP. If those certs have to be defined in the TLS block, what is the right way to disable TLS in this case, but still have PEAP working?
Don't issue client certificates. EAP-TLS won't work.
Alrighty then.
I tried deleting the CA_file, so I wouldn't be able to verify user certs, but it's required. Anyway, I don't want to offer TLS and fail it, I want to NAK it on server2.
This is explained in the comments in eap.conf, above the "ttls" and "peap" sections.
Alan DeKok.
I did read that, but I was trying to reject TLS. It also says, "If you do not use client certificates, and you do not want to permit EAP-TLS authentication, then delete this configuration item", referring to CA_file. I just want to point out that it appears you can't actually delete that, although it would have been an intuitive way to deny EAP-TLS. Hopefully, that was the original intent. -- usawebbox@fastmail.fm -- http://www.fastmail.fm - And now for something completely different