TTLS with Mutual Authentication

Alan DeKok aland at
Tue Oct 23 09:23:50 CEST 2007

Zolotov, Eyal wrote:
> By ‘mutual authentication’ I refer to the following authentication process:
> 1.       The client authenticate the server

  Give the client the CA cert used to sign the server cert.

> 2.       The server authenticate the client

  Create a client cert, signed by the server cert.

> 3.       Only than – the clients sends username + password using MSCHAPv2

  In unlang, set:

  update control {
	EAP-TLS-Require-Client-Cert = yes

  This forces the server to validate the client cert, which is normally
not required for TTLS.

  Alan DeKok.

More information about the Freeradius-Users mailing list