Troubleshooting EAP-TLS with External Certificates
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Thu Aug 25 11:52:04 CEST 2016
hi,
> 1. Installed/Configured CentOS 7 (CentOS7-x86_64-1511)
>    a. Disabled SELinux
>    b. Disabled firewalld
first steps. turn those back on - and configure them correctly as required
(read firewalld and selinux docs as required).
>Are there any steps I've missed? Do I need to keep the 'dh' in /certs/?
now you have a working system, start to comment/remove things out of it that you don't need -
thinking PAP and plain CHAP etc methods. weak, insecure. use the permit_only_eap policy in your virtual server auth {} section to ensure only EAP requests are coming to it.
of course you need the DH file - it's part of the process.
what cert are you using? still a local one or a public one? I would advise keeping with local
one....you talk about importing it to client, so that suggests it's not one of the big public ones... good.
you talk about EAP-TLS...but your post only mentioned doing basic PAP and PEAP test - please don't
confuse terminology.. you haven't tested a client cert yet - which is probably important if you ARE
doing EAP-TLS....
alan