need help - force EAP-TTLS to validate the server certificate

Klaus Laus superklausx at gmx.de
Wed Sep 15 16:12:51 CEST 2010


Thanks a lot Alan DeKok, do I have any possibility to permit login only persons with username/password and client certificate?
All authentications methods works fine on my server, but I´ll only permit login with username/password and client certificate. Which code I need to set in users/eap.conf ? 
TLS works fine on my server and the users can login themselves with the client certificate, but I don´t want allow login without username/password, also I don´t want allow logins with username and password but without client certificates.

Best Greetings, misterklaus

-------- Original-Nachricht --------
> Datum: Wed, 15 Sep 2010 10:47:52 +0200
> Von: Alan DeKok <aland at deployingradius.com>
> An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Betreff: Re: need help - force EAP-TTLS to validate the server certificate

> Klaus Laus wrote:
> > Hello, I have one question, is it possible to configure my freeradius
> server so that only clients with a ca certificate can login themselves with
> their username and password? I want to configure my freeradius server so
> that the users can only login after the successfully server certificate
> validation.
> > At the moment I use EAP-TTLS for authentication, but the options in the
> clients "servercertificate validation" is optional. I want to use EAP-TTLS
> and force the ca certificate on the clients.
> 
>   You can't force the client to validate the CA cert.  That is a
> configuration which needs to be set on the client.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-- 
GMX DSL SOMMER-SPECIAL: Surf & Phone Flat 16.000 für nur 19,99 Euro/mtl.!*
http://portal.gmx.net/de/go/dsl



More information about the Freeradius-Users mailing list