peap without client side certificate

[Jelle Langbroek]

But please do give the client the radius-server-cerificate so it knows which
server to authenticate with. If you don't use that certificate anybody can
set up a (intermediate) radius-server and make you authenticate with that
(without you knowing it). After that, all your data will flow though this
malicious server and information could be stolen!

gr, jelle



2008/9/6 Alan DeKok <aland at deployingradius.com>

> Ahmet DÜLGAR wrote:
> > Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps
> > i choose peap because in documents says peap doesnt need clint side
> > ceritficate
>
>   Yes.
>
> > still i cant understand the certificate types
> > i create it by /etc/raddb/certs make
> > is there other way to build only server side certificates or other type
> > mode like peap
>
>   Huh?  The certificates created by the Makefile in raddb/certs can be
> used by the server.  It produces a client certificate, but there's no
> requirement for you to use it.
>
> > i dont want to give my custemers client certificates,
>
>   Then don't.
>
> > i will use freeradius in a hotel like a hotspot, so they will need only
> > user name and pass
> > they will se my ssid and try to login by user name and password, they
> > shouldnt change any configiration or install anythink else, this is my
> > project ,how can i do it simply
>
>   Follow the instructions on my web site.  Don't give the clients a
> certificate.  It's that easy.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080907/1f14b417/attachment.html>