virtual server configuration
Alan DeKok
aland at deployingradius.com
Wed Mar 12 07:02:07 CET 2008
usawebbox at fastmail.fm wrote:
> When TLS is empty (i.e. TLS {}):
Huh? Why would you leave it empty?
If you're not going to use TLS, delete the whole section. It's just
like any other module.
> When TLS is removed:
>
> rlm_eap: Unable to load EAP-Type/ttls, as EAP-Type/TLS is required
> first.
If you're not going to use TTLS, delete that section, too.
> Or, if TTLS is also removed:
>
> rlm_eap: Unable to load EAP-Type/peap, as EAP-Type/TLS is required
> first.
>
> This makes sense, as I'll need my server cert for PEAP. If those certs
> have to be defined in the TLS block, what is the right way to disable
> TLS in this case, but still have PEAP working?
Don't issue client certificates. EAP-TLS won't work.
> I tried deleting the
> CA_file, so I wouldn't be able to verify user certs, but it's required.
> Anyway, I don't want to offer TLS and fail it, I want to NAK it on
> server2.
This is explained in the comments in eap.conf, above the "ttls" and
"peap" sections.
Alan DeKok.
More information about the Freeradius-Users
mailing list