RES: Re: PEAP/EAP-TLS with client and server certificate
Alan DeKok
aland at deployingradius.com
Tue Apr 24 16:41:54 CEST 2007
Marcelo Augusto Rodrigues Pimentel wrote:
> OK. But I´m trying to use peap to make an encrypted tunnel validating the server certificate and then I want to authenticate the clients whith EAP-TLS using client/server certificate. The TLS tunnel is working fine, but the second part of EAP-TLS authentication not.
What second part of EAP-TLS? The server supports authenticating via
client certificates, and nothing else.
> So .... in the peap section in the eap.conf, what I´ve to configure for default eap type? Is tls ?
No. You can leave it alone. It's fine.
> If I configure tls, I´ve to create a tls section in the peap section or the tls section of the eap.conf is enough. I´ve attached my eap.conf file.
If you want to use just TLS, you don't need the PEAP section. If you
want to use PEAP, you need the TLS section. The comments in the
"eap.conf" file explain this.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list