[Spam?] Re: FYI, I gave up on eap-tls for OS X and ios.
jtobin at po-box.esu.edu
Sun Apr 2 21:45:38 CEST 2017
This is kind of unnecessary, but:
I would not write to this list with any problems, if I didn’t assume there
were some people Who were an authority on this list.
I work with a number of colleagues who are also well meaning and
knowledgeable on some of these topics.
They forwarded to me the URL:
I was only able to get the video to run on my mac under safari, Firefox
and Crome had problems, so I would recommend safari to view it.
It was put out last year as a security update : about 10 minutes in
it goes over Apples new philosophy about certificates.
With my Colleagues expertise [this is a bit above my head] I am lead to
believe self signed certs [that aren’t logged] will not work.
If there is a work around for this problem or this should not affect free
Sure, tell me I am [once again] incorrect.
I am a part time student who is part of the helpdesk, and the default sys
admin for a small linux lab I have built from spare parts and used
computers for the computer science group at East Stroudsburg University.
I have struggled to get free radius up and running for the lab, and
frankly don’t have time to argue with experts, I am trying to get this lab
running. I struggled with eap-tls on apple products and gave up, that
doesn’t mean it doesn’t work: I think that falls more along the lines of
it wasn’t simple and took more time than I had. If that makes me less than
competent, that’s fair.
I changed the EAP profile for os x to support peap, which works. I am not
using tls currently, that may change.
Thanks for the opportunity to know I am not the expert you are. In future
I may need some of your expertise, so I don’t need to make enemies.
Humble pie has a special flavor all it’s own.
Love you all. [you can smile now].
On 3/30/17, 08:33, "Freeradius-Users on behalf of Alan DeKok"
<freeradius-users-bounces+jtobin=po-box.esu.edu at lists.freeradius.org on
behalf of aland at deployingradius.com> wrote:
>On Mar 29, 2017, at 7:24 PM, John Tobin <jtobin at po-box.esu.edu> wrote:.
>> I have a self signed cert because [ I believe ] that is the test cert
>> get when you install radius.
>> /etc/raddb/cert has a make, you run the make for test certs.
> Yes... we're well aware of that.
>> I have doc that suggests os x and ios will no longer allow self signed
> I use a self-signed CA which issues a server cert every day with OSX
>and iOS. I don't know what magic doc you're reading (and you don't say
>what it is).
>> and it was suggested that I should have a self signed cert for free
>> Radiusd eap-tls.
> Who suggested it? The test certificates (and the process used to
>create them) work on every OS. That's why they exist... so people should
>> The os x machines have no mods for a ³homebrewed² openssl?
> I'm not sure what you mean by that.
> FreeRADIUS will work with the OpenSSL that's distributed with OSX. It
>will complain about the old version, but it will work.
>> I am testing against sierra and elcapitan, and I was also told
> By who? And why do you believe some random document, or some random
>person instead of the experts on this list?
>> I would
>> have to get special versions of openssl for os x at those levels because
>> of problems in opensslŠ
>> You have to implement homebrew openssl installŠ..
> I would suggest using a home-brew version of OpenSSL. It's more up to
>date. But it's not *required*.
> I think I good part of the problem here is that you're reading random
>documentation. I don't know where you're getting that information from,
>but most of it is wrong.
> FreeRADIUS works. The scripts included with it work. The certificates
>it builds work. The documentation in FreeRADIUS is correct.
> Why would you go reading random *wrong* documentation, and ignore the
>*working* and *correct* documentation in front of you?
> i.e. if you're having problems with some third-party documentation, go
>ask *them* why their documentation doesn't work.
> Alan DeKok.
>List info/subscribe/unsubscribe? See
More information about the Freeradius-Users