Disable PEAP-TLS but allow PEAP

Cotton, Jesse Jesse.Cotton at stockton.edu
Tue Aug 14 17:50:58 CEST 2012

Thanks alan. I tried that at some point but FR threw an error about the cert not matching the private key. Tried again and switched the order of the certs so the server cert is the first in the file and works like a champ.

-----Original Message-----
From: freeradius-users-bounces+jesse.cotton=stockton.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jesse.cotton=stockton.edu at lists.freeradius.org] On Behalf Of alan buxey
Sent: Tuesday, August 14, 2012 11:38 AM
To: FreeRadius users mailing list
Subject: Re: Disable PEAP-TLS but allow PEAP

> That was a typo. I meant EAP-TLS.

this is easy to fix.

concatenate your RADIUS server and CA (and any intermediates) into one file.

call that file in the

certificate_file =


then comment out

CA_file =

this is clearly documented:

			#  This parameter is used only for EAP-TLS,
			#  when you issue client certificates.  If you do
			#  not use client certificates, and you do not want
			#  to permit EAP-TLS authentication, then delete
			#  this configuration item.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list