The EAP Saga begins.
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jan 23 11:34:41 CET 2007
Evan Vittitow wrote:
> Alan DeKok wrote:
>> Evan Vittitow wrote:
>>
>>> I think a large part of my problem is the creation of a Certificate
>>> authority.
>>>
>> Why? See the various 802.1x howto's (pointed to from freeradius.org &
>> the wiki) for how to create certificates for the server.
>>
>>
>>> Its very possible, that said Certificate authority for Radius could
>>> hypothetically be used layer for IPSec. This being the case, what would
>>> the best strategy be for implementing a PKI CA. Should I make one Cert
>>> for every host? One server host and one client Cert for all hosts?
>>> Different CAs for different Services? How will Mandriva's architecture
>>> change affect this?
>>>
>> You want one certificate for the RADIUS server. For most RADIUS
>> situations, this is enough. And that certificate shouldn't be used for
>> anything else.
>>
>>
> What do I give the xsupplicant clients?
A username and password, and optionally the CA cert so they can "trust"
the radius server cert.
More information about the Freeradius-Users
mailing list