TTLS with Mutual Authentication
Alan DeKok
aland at deployingradius.com
Tue Oct 23 09:23:50 CEST 2007
Zolotov, Eyal wrote:
> By ‘mutual authentication’ I refer to the following authentication process:
>
> 1. The client authenticates the server

Give the client the CA cert used to sign the server cert.

> 2. The server authenticates the client

Create a client cert, signed by the server cert.

> 3. Only then – the client sends username + password using MSCHAPv2

In unlang, set:

    update control {
        EAP-TLS-Require-Client-Cert = yes
    }

This forces the server to validate the client cert, which is normally
not required for TTLS.
Alan DeKok.