Khan <freeradius@tykhan.net> wrote:
My first one is to use several root CA in an EAP-TLS config. There is a line for "root CA List", but how can I set 2 root CAs or more ? I tried to have the line several times and also separate the rootCAs file names by a comma (,). None of this attempts seems to work. What am I doing wrong ? Is it possible to do it, and if so, how ?
I don't think it's possible. But you can have one root CA sign multiple other CA's. It's called certificate chains, which the server *does* support.
The second one is regarding an EAP-TLS connection. My client get authenticated properly using the certificates (CISCO's AP), but I noticed that when authenticated, there is no more "traffic" with the radius server.
That's how RADIUS works.
Is it possible to force FreeRadius or the CISCO AP to verify the authenticated client regurlarly in a similar way DHCP is done ?
See Session-Timeout.
I don't want to kill the connection, traffic between AP/client should still be running.
That isn't how AP authentication works. Alan DeKok.