freeRADIUS 3.0.4, NetworkManager 1.0.6-27.el7, and wpa_supplicant v2.0 client side cert issues?

John Teasley ollieteasley at gmail.com
Wed Feb 10 01:52:53 CET 2016


Thanks.

Ollie Teasley
Linux Administrator
ISMELL.SHOES, LLC


On Tue, Feb 9, 2016 at 6:47 PM, Matthew Newton <mcn4 at leicester.ac.uk> wrote:

> On Tue, Feb 09, 2016 at 06:39:10PM -0600, John Teasley wrote:
> > 6. PROBLEM, I don't want a private CA set globally. A vpn connection does
> > not do this when using
> >     private CA. Also, wpa_supplicant works with out the CA being imported
> > into the global store.
>
> Ask the NetworkManager guys where they look for the root CA and if
> it's configurable? That's not really a FreeRADIUS problem.
>
> > 7. I REALLY DONT LIKE THE SELF SIGNED / PRIVATE CA GLOBALLY.
> >
> > Does anyone see any obvious mistakes in what a described above?
>
> With EAP-TLS you are always going to have to install the private
> root CA on the clients. It just happens with wpa_supplicant you are
> configuring it to look where you want it to.
>
> EAP-TLS depends on running a certificate infrastructure.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list