peap without client side certificate

tnt at kalik.net tnt at kalik.net
Sun Sep 7 19:10:03 CEST 2008


No, not server certificate but CA certificate. Client uses CA certificate
to validate server certificate end eliminate rogue servers. It is true
that if "Validate server certificate" box isn't ticked credentials
can end up on a rouge server.

Ivan Kalik
Kalik Informatika ISP


Dana 7/9/2008, "Jelle Langbroek" <jml at orkz.net> piše:

>But please do give the client the radius-server-cerificate so it knows which
>server to authenticate with. If you don't use that certificate anybody can
>set up a (intermediate) radius-server and make you authenticate with that
>(without you knowing it). After that, all your data will flow though this
>malicious server and information could be stolen!
>
>gr, jelle
>
>
>
>2008/9/6 Alan DeKok <aland at deployingradius.com>
>
>> Ahmet DÜLGAR wrote:
>> > Finally i run freeradius 2.0.5 + mysql +wpa with peap mode by your helps
>> > i choose peap because in documents says peap doesnt need clint side
>> > ceritficate
>>
>>   Yes.
>>
>> > still i cant understand the certificate types
>> > i create it by /etc/raddb/certs make
>> > is there other way to build only server side certificates or other type
>> > mode like peap
>>
>>   Huh?  The certificates created by the Makefile in raddb/certs can be
>> used by the server.  It produces a client certificate, but there's no
>> requirement for you to use it.
>>
>> > i dont want to give my custemers client certificates,
>>
>>   Then don't.
>>
>> > i will use freeradius in a hotel like a hotspot, so they will need only
>> > user name and pass
>> > they will se my ssid and try to login by user name and password, they
>> > shouldnt change any configiration or install anythink else, this is my
>> > project ,how can i do it simply
>>
>>   Follow the instructions on my web site.  Don't give the clients a
>> certificate.  It's that easy.
>>
>>  Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list