EAP-TTLS/EAP-PEAP Certificats

Vincent Guardiola vguar99 at gmail.com
Thu Dec 15 16:12:06 CET 2011


Humm yes, but with this i can use mschapv2 for authenticate or my
authentification will be used by client certificat ?

2011/12/15 Phil Mayers <p.mayers at imperial.ac.uk>

> On 15/12/11 14:29, Vincent Guardiola wrote:
>
>> Hi all,
>>
>> I have just one question about client certificats with EAP-TTLS or
>> EAP-PEAP.
>>
>> I would like use certificats client with authentication MSCHAPv2 it's
>> possible ?
>>
>
> Yes. This is documented in the "eap.conf":
>
> #  You can make PEAP require a client cert by setting
> #
> #       EAP-TLS-Require-Client-Cert = Yes
> #
> #  in the control items for a request.
>
> In the *outer* tunnel, do this:
>
> authorize {
>  ...
>  update control {
>  EAP-TLS-Require-Client-Cert = Yes
>  }
>  ...
>  eap
> }
>
> I know it says EAP-TLS; ignore that. It will make the PEAP client send a
> client cert.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111215/c2961197/attachment.html>


More information about the Freeradius-Users mailing list