EAP-TLS Certificates
I am using free radius 1.1.6 for EAP-TLS. I think all the example certificates are old. Is there a place from where i can download some sample certificates (both for free radius and for client) which can be used for communication.
Hi,
I am using free radius 1.1.6 for EAP-TLS. I think all the example certificates are old. Is there a place from where i can download some sample certificates (both for free radius and for client) which can be used for communication.
get 1.1.7. ensure you copy your config to somewhere safe and then install 1.1.7 - it will auto generate the EAP-TLS stuff so you can get working with it. alan
Hi,
That's CVS head, not 1.1.7.
I think we can release 2.0-pre2 this week.
comments on CVS: the listen directive is not active by default in the radiusd.conf , I thought this would have been made the de facto way for 2.0 naslist, realms and clients are still present - obsolete in 1.1.x surely GONE in 2.0 there is no commented out, ready to run experimental.conf line - as we have for snmp.conf etc alan
A.L.M.Buxey@lboro.ac.uk wrote:
the listen directive is not active by default in the radiusd.conf , I thought this would have been made the de facto way for 2.0
? "bind_address" and "port" are no longer globally defined in radiusd.conf. There is instead a top-level "listen" directive.
naslist, realms and clients are still present - obsolete in 1.1.x surely GONE in 2.0
? naslist && clients were deleted from CVS in 2005. naspasswd && realms are still there, along with "man" pages. I've deleted those. checkrad is a hack. It's unmaintained, and nearly unmaintainable. We should replace it with something better.
there is no commented out, ready to run experimental.conf line - as we have for snmp.conf etc
The experimental.conf stuff is supposed to be made active a module at a time, rather than pulling everything in. Alan DeKok.
hi, thanks - sorry i got confused over 2 of my repositories earlier today (i'm keeping TNC patch uptodate with FR releases) alan
On Mon 13 Aug 2007, Alan DeKok wrote:
A.L.M.Buxey@lboro.ac.uk wrote:
the listen directive is not active by default in the radiusd.conf , I thought this would have been made the de facto way for 2.0
? "bind_address" and "port" are no longer globally defined in radiusd.conf. There is instead a top-level "listen" directive.
naslist, realms and clients are still present - obsolete in 1.1.x surely GONE in 2.0
? naslist && clients were deleted from CVS in 2005. naspasswd && realms are still there, along with "man" pages. I've deleted those.
checkrad is a hack. It's unmaintained, and nearly unmaintainable. We should replace it with something better.
there is no commented out, ready to run experimental.conf line - as we have for snmp.conf etc
The experimental.conf stuff is supposed to be made active a module at a time, rather than pulling everything in.
I think for 2.0 would should make an etc/raddb/experimental/xxx.conf setup with a main file somewhere which includes each one, but where each include line is commented out by default.. Cheers -- Peter Nixon http://peternixon.net/
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
abhishek singh -
Alan DeKok -
Peter Nixon