How to enable only EAP-TTLS type and not EAP-TLS?
Alan DeKok
aland at deployingradius.com
Thu Jan 10 15:49:24 CET 2008
Reimer Karlsen-Masur, DFN-CERT wrote:
> Actually we were talking about server side config.
Yes. The server has been updated to simplify configurations without
EAP-TLS, and to document the issues involved in certificates.
> Looking at the supplicant, the user strongly should enter a fully qualified
> name of the radius server he is expecting his authN is checked against and
> he strongly should make sure that his supplicant is checking hard that this
> FQDN matches the CN of the RADIUS server cert. Usually there is some
> checkbox/option to enable that behavior.
I don't recall seeing that, to be honest. wpa_supplicant doesn't have
that, and Windows doesn't have it. They both have a "validate server
certificate" checkbox, but that only checks the CA chain, NOT the CN.
Alan DeKok.