need help - force EAP-TTLS to validate the server certificate
superklausx at gmx.de
Wed Sep 15 16:12:51 CEST 2010
Thanks a lot Alan DeKok, do I have any possibility to permit login only persons with username/password and client certificate?
All authentications methods works fine on my server, but I´ll only permit login with username/password and client certificate. Which code I need to set in users/eap.conf ?
TLS works fine on my server and the users can login themselves with the client certificate, but I don´t want allow login without username/password, also I don´t want allow logins with username and password but without client certificates.
Best Greetings, misterklaus
-------- Original-Nachricht --------
> Datum: Wed, 15 Sep 2010 10:47:52 +0200
> Von: Alan DeKok <aland at deployingradius.com>
> An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Betreff: Re: need help - force EAP-TTLS to validate the server certificate
> Klaus Laus wrote:
> > Hello, I have one question, is it possible to configure my freeradius
> server so that only clients with a ca certificate can login themselves with
> their username and password? I want to configure my freeradius server so
> that the users can only login after the successfully server certificate
> > At the moment I use EAP-TTLS for authentication, but the options in the
> clients "servercertificate validation" is optional. I want to use EAP-TTLS
> and force the ca certificate on the clients.
> You can't force the client to validate the CA cert. That is a
> configuration which needs to be set on the client.
> Alan DeKok.
> List info/subscribe/unsubscribe? See
GMX DSL SOMMER-SPECIAL: Surf & Phone Flat 16.000 für nur 19,99 Euro/mtl.!*
More information about the Freeradius-Users