virtual server configuration

usawebbox at fastmail.fm
Wed Mar 12 10:20:49 CET 2008


>> rlm_eap: Unable to load EAP-Type/peap, as EAP-Type/TLS is required
>> first.
>>
>> This makes sense, as I'll need my server cert for PEAP. If those certs
>> have to be defined in the TLS block, what is the right way to disable
>> TLS in this case, but still have PEAP working?
>
>  Don't issue client certificates.  EAP-TLS won't work.
>
Alrighty then.

>> I tried deleting the
>> CA_file, so I wouldn't be able to verify user certs, but it's required.
>> Anyway, I don't want to offer TLS and fail it, I want to NAK it on
>> server2.
>
>  This is explained in the comments in eap.conf, above the "ttls" and
>"peap" sections.
>
>  Alan DeKok.

I did read that, but I was trying to reject TLS. It also says, "If you
do not use client certificates, and you do not want to permit EAP-TLS
authentication, then delete this configuration item", referring to
CA_file. I just want to point out that it appears you can't actually
delete that, although it would have been an intuitive way to deny
EAP-TLS. Hopefully, that was the original intent.

-- 
  
  usawebbox at fastmail.fm

More information about the Freeradius-Users mailing list