Re : Multiple server certificates in EAP-TLS or EAP-TTLS
There was a post on this by Mike; You'll have to set up two instances of the EAP module. The first instance will have the TLS submodule set up with the information for Cert1.pem (and the appropriate key and CA cert). The second instance will have its TLS submodule set with the info for Cert2.pem. It will look something like this: modules { ... eap eap1 { ... tls { certificate = Cert1.pem ... } } eap eap2 { ... tls { certificate = Cert2.pem ... } } } authorize { ... eap1 } authenticate { ... eap1 eap2 } Then, this is one of the few instances where you'll need to manually specify the Auth-Type in the users file, like this: DEFAULT Called-Station-ID = "00112233445566:SSID1", Auth-Type := eap1 DEFAULT Called-Station-ID = "00112233445566:SSID2", Auth-Type := eap2 Or, better yet, use regexes (this should work): DEFAULT Called-Station-ID =~ ":SSID1$", Auth-Type := eap1 ================================================== Benjamin K. Eshun ----- Message d'origine ---- De : Don Peoples <dpeoples@NAVINI.com> À : freeradius-users@lists.freeradius.org Envoyé le : Mardi, 29 Mai 2007, 23h27mn 06s Objet : Multiple server certificates in EAP-TLS or EAP-TTLS Multiple RADIUS clients can be defined in the clients.conf file. Is there a way to define the location of a server certificate for each client? I'm envisioning a single freeRadius server supporting multiple client authenticators. I want each authenticator to be able to send a unique certificate to identify itself to its supplicants. It appears that the "certificate_file" parameter in the eap.conf file would only support a single certificate. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____________________________________________________________________________ Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail
participants (1)
-
Eshun Benjamin