Freeradius + MySql + Wireless Clients without certificates
John Dennis
jdennis at redhat.com
Tue Sep 14 18:45:53 CEST 2010
On 09/14/2010 11:53 AM, Esteban TALAVERA wrote:
> Thanks
>
> Is an autonomous AP.
> I'll try Freeradius+MySql+EAP-TLS schema.
Huh? What's that?
As has been pointed previously you must have a server cert if you're
doing TLS.
In addition the server cert should be signed by a trusted CA and the
supplicant should validate the cert (anything less would be a ridiculous
security risk).
No amount of fudging the server configuration is going to magically
modify the fundamental requirements of TLS. If you don't want to set up
a server cert forget about supporting PEAP, EAP_TLS, etc. (which means
most Windows clients will not work).
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list