Freeradius, Cisco SSC, eDirectory, EAP/(T)TLS Problem
Alan DeKok
aland at deployingradius.com
Wed Mar 26 16:58:08 CET 2008
Sven 'Darkman' Michels wrote:
> Ok, I'll double-check that. But just a note: if I use the wrong cert and
> see a NACK message in the log - then my TTLS failed and I shouldn't see
> an LDAP query at all...?
It all depends on how you set up your configuration.
> Or do I misunderstand something here? I just
> want to make sure that my client is "my" client, and not a stranger.
> That's why I want the EAP stuff (to force all "signed" by the client's
> cert, and avoid password attacks and stuff like that).
You can configure the LDAP queries to be run *only* after the TLS
tunnel has been set up. See raddb/sites-available/inner-tunnel.
Alan DeKok.
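
The layout described in the reply above, as an added configuration sketch that is not part of the original message or the FreeRADIUS distribution files. It assumes the LDAP module instance is named `ldap` and that PAP is the inner method; the sections are trimmed to the lines that matter.

```conf
# raddb/eap.conf, inside the eap { ... } section:
# tunneled (inner) requests are handed to the inner-tunnel virtual server.
ttls {
	virtual_server = "inner-tunnel"
}

# raddb/sites-available/default (outer session).
# Weak layout: with ldap listed here, a directory lookup runs for every
# outer Access-Request, including ones whose TLS handshake later fails.
#
#   authorize {
#   	preprocess
#   	eap
#   	ldap
#   }
#
# Corrected layout: the outer server only drives EAP.
authorize {
	preprocess
	eap
}
authenticate {
	eap
}

# raddb/sites-available/inner-tunnel (symlinked into sites-enabled).
# Requests reach this server only from inside an established TLS tunnel,
# so the LDAP query cannot happen before the tunnel is up.
server inner-tunnel {
	authorize {
		ldap
		pap
	}
	authenticate {
		Auth-Type PAP {
			pap
		}
	}
}
# Assumption: whether the client must present a certificate during the
# handshake is configured separately and is not shown in this sketch.
```

Running the server with `radiusd -X` and sending a request with a bad certificate shows whether any `ldap` lines still appear before the handshake fails.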