Freeradius + MySql + Wireless Clients without certificates

John Dennis jdennis at
Tue Sep 14 18:45:53 CEST 2010

On 09/14/2010 11:53 AM, Esteban TALAVERA wrote:
> Thanks
> Is an autonomous AP.
> I'll try Freeradius+MySql+EAP-TLS schema.

Huh? What's that?

As has been pointed previously you must have a server cert if you're 
doing TLS.

In addition the server cert should be signed by a trusted CA and the 
supplicant should validate the cert (anything less would be a ridiculous 
  security risk).

No amount of fudging the server configuration is going to magically 
modify the fundamental requirements of TLS. If you don't want to set up 
a server cert forget about supporting PEAP, EAP_TLS, etc. (which means 
most Windows clients will not work).

John Dennis <jdennis at>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list