How to enable only EAP-TTLS type and not EAP-TLS?
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Jan 10 19:32:43 CET 2008
Hi,
> Oh, it exists. It's called subject_match within a network { } stanza of
> wpa_supplicant, and all the Windows supplicants I've seen so far allow you
> set your expectations on the server name. It's turned off by default though.
agreed. it is there.
however, this puts the security on the client end...and they'll still
get a connection with the proper server even if they've ommitted
all the checks. this is bad generally - you need to have a way
of the server checking that these client settings are enforced.
oh well. I guess thats what locked-down desktops, corporate images,
GPO pushed settings etc are all for. not handy for supporting
the average user.
alan
More information about the Freeradius-Users
mailing list