Thanks a lot Alan DeKok, do I have any possibility to permit login only persons with username/password and client certificate? All authentications methods works fine on my server, but I´ll only permit login with username/password and client certificate. Which code I need to set in users/eap.conf ? TLS works fine on my server and the users can login themselves with the client certificate, but I don´t want allow login without username/password, also I don´t want allow logins with username and password but without client certificates. Best Greetings, misterklaus -------- Original-Nachricht --------
Datum: Wed, 15 Sep 2010 10:47:52 +0200 Von: Alan DeKok <aland@deployingradius.com> An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: need help - force EAP-TTLS to validate the server certificate
Klaus Laus wrote:
Hello, I have one question, is it possible to configure my freeradius server so that only clients with a ca certificate can login themselves with their username and password? I want to configure my freeradius server so that the users can only login after the successfully server certificate validation. At the moment I use EAP-TTLS for authentication, but the options in the clients "servercertificate validation" is optional. I want to use EAP-TTLS and force the ca certificate on the clients.
You can't force the client to validate the CA cert. That is a configuration which needs to be set on the client.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- GMX DSL SOMMER-SPECIAL: Surf & Phone Flat 16.000 für nur 19,99 Euro/mtl.!* http://portal.gmx.net/de/go/dsl