RES: Re: PEAP/EAP-TLS with client and server certificate

Alan DeKok aland at deployingradius.com
Tue Apr 24 16:41:54 CEST 2007


Marcelo Augusto Rodrigues Pimentel wrote:
> OK. But I´m trying to use peap to make an encrypted tunnel validating the server certificate and then I want to authenticate the clients whith EAP-TLS using client/server certificate. The TLS tunnel is working fine, but the second part of EAP-TLS authentication not.

  What second part of EAP-TLS?  The server supports authenticating via
client certificates, and nothing else.

> So .... in the peap section in the eap.conf, what I´ve to configure for default eap type? Is tls ?

  No.  You can leave it alone.  It's fine.

> If I configure tls, I´ve to create a tls section in the peap section or the tls section of the eap.conf is enough. I´ve attached my eap.conf file.

  If you want to use just TLS, you don't need the PEAP section.  If you
want to use PEAP, you need the TLS section.  The comments in the
"eap.conf" file explain this.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list