Beginner question
Alan DeKok
aland at nitros9.org
Thu Jun 22 21:57:58 CEST 2006
Khan <freeradius at tykhan.net> wrote:
> My first one is to use several root CAs in an EAP-TLS config.
> There is a line for "root CA List", but how can I set 2 root CAs
> or more? I tried to have the line several times and also
> separate the root CA file names by a comma (,). None of these attempts
> seems to work.
> What am I doing wrong? Is it possible to do it, and if so, how?
I don't think it's possible. But you can have one root CA sign
multiple other CAs. It's called certificate chains, which the server
*does* support.
> The second one is regarding an EAP-TLS connection. My client gets
> authenticated properly using the certificates (CISCO's AP), but I
> noticed that when authenticated, there is no more "traffic" with the
> radius server.
That's how RADIUS works.
> Is it possible to force FreeRadius or the CISCO AP to verify the
> authenticated client regularly in a similar way DHCP is done?
See Session-Timeout.
> I don't want to kill the connection, traffic between AP/client
> should still be running.
That isn't how AP authentication works.
Alan DeKok.
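
The certificate-chain arrangement described in the reply above, as an added example that is not part of the original message: one root CA signs two subordinate CAs, each issues a client certificate, and verification trusts only the root. It uses the `openssl` command line; all subject names (Demo Root CA, site-a, site-b) and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: one root CA signs two subordinate CAs, each of which issues
# a client certificate. All names (Demo Root CA, site-a, site-b) are constructed.
set -e

# new_req DIR NAME SUBJECT: create an unencrypted RSA key and a CSR
new_req() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# sign DIR NAME ISSUER [x509 options]: sign NAME.csr with ISSUER's key
sign() {
    d=$1; n=$2; i=$3; shift 3
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$i.pem" -CAkey "$d/$i.key" \
        -CAcreateserial -days 30 -out "$d/$n.pem" "$@" 2>/dev/null
}

build_chain() {  # $1 = output directory
    # Extensions that mark a certificate as a CA
    printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$1/ca.ext"
    # Self-signed root: the single trust anchor
    new_req "$1" root "/CN=Demo Root CA"
    openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 30 \
        -extfile "$1/ca.ext" -out "$1/root.pem" 2>/dev/null
    for s in site-a site-b; do
        new_req "$1" "$s-ca" "/CN=Demo $s CA"
        sign "$1" "$s-ca" root -extfile "$1/ca.ext"   # root signs the sub-CA
        new_req "$1" "$s-client" "/CN=client.$s"
        sign "$1" "$s-client" "$s-ca"                  # sub-CA signs the client
    done
}

# verify_client DIR CLIENT_SITE CA_SITE: trust only root.pem; the sub-CA
# certificate is untrusted chain material, as a peer would send it in TLS
verify_client() {
    if openssl verify -CAfile "$1/root.pem" -untrusted "$1/$3-ca.pem" \
        "$1/$2-client.pem" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

DEMO_DIR=$(mktemp -d)
build_chain "$DEMO_DIR"
echo "site-a client, site-a CA: $(verify_client "$DEMO_DIR" site-a site-a)"
echo "site-b client, site-b CA: $(verify_client "$DEMO_DIR" site-b site-b)"
echo "site-a client, site-b CA: $(verify_client "$DEMO_DIR" site-a site-b)"
```

The last check reports fail because no chain can be built from the site-a client to the root through the site-b CA certificate; both clients validate against the same single root when their own subordinate CA certificate is supplied.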