Hi to all, I just register to the ML as I'm looking for specific item in freeradius without being able to find any help. Even if google is supposed to be my friend, it was not in that cases ;) My first one is to use several root CA in an EAP-TLS config. There is a line for "root CA List", but how can I set 2 root CAs or more ? I tried to have the line several times and also separate the rootCAs file names by a comma (,). None of this attempts seems to work. What am I doing wrong ? Is it possible to do it, and if so, how ? The second one is regarding an EAP-TLS connection. My client get authenticated properly using the certificates (CISCO's AP), but I noticed that when authenticated, there is no more "traffic" with the radius server. Is it possible to force FreeRadius or the CISCO AP to verify the authenticated client regurlarly in a similar way DHCP is done ? I don't want to kill the connection, traffic between AP/client should still be running. Many thanks for the help you may provide. Regards Khan
Khan <freeradius@tykhan.net> wrote:
My first one is to use several root CA in an EAP-TLS config. There is a line for "root CA List", but how can I set 2 root CAs or more ? I tried to have the line several times and also separate the rootCAs file names by a comma (,). None of this attempts seems to work. What am I doing wrong ? Is it possible to do it, and if so, how ?
I don't think it's possible. But you can have one root CA sign multiple other CA's. It's called certificate chains, which the server *does* support.
The second one is regarding an EAP-TLS connection. My client get authenticated properly using the certificates (CISCO's AP), but I noticed that when authenticated, there is no more "traffic" with the radius server.
That's how RADIUS works.
Is it possible to force FreeRadius or the CISCO AP to verify the authenticated client regurlarly in a similar way DHCP is done ?
See Session-Timeout.
I don't want to kill the connection, traffic between AP/client should still be running.
That isn't how AP authentication works. Alan DeKok.
Khan wrote:
My first one is to use several root CA in an EAP-TLS config. There is a line for "root CA List", but how can I set 2 root CAs or more ? I tried to have the line several times and also separate the rootCAs file names by a comma (,). None of this attempts seems to work. What am I doing wrong ? Is it possible to do it, and if so, how ?
Put multiple CA certs in that one file. --ben
participants (3)
-
Alan DeKok -
Benjamin Bennett -
Khan