iOS mysterious issues on Freeradius 3.0.14

John Tobin jtobin at
Mon Mar 27 02:22:04 CEST 2017

What doc?
What I find is in google [sorry, all I could find, no radiusd document
came upŠ.] is below.
No it doesn¹t work, problem hasn¹t changed, I am version radiusd 3.0.11,
the vars I see are actually ca_file and ca_path | not CA_file and CA_path,
but what do I know?

I put back the original so I can run the windows clients.

Is there some other place I am not looking?


I lookup in google and I get:

Which says:

		Jun 18, 2007; 6:09am
		Re: Disabling EAP-TLS while keeping EAP-PEAP

	36 posts
				In reply to this post
P-PEAP-tp2761895.html> by Martin Gadbois
By commenting the CA_file parameter in the eap->tls section:

# CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem
by setting CA_path parameter in the eap->tls section to an *empty*

CA_path = ${raddbdir}/certs/trustedCAs

should do the trick.
No trusted CAs mean no trusted client certificates :-)
Martin Gadbois wrote:
> When enabling EAP-PEAP with FreeRADIUS, module EAP-TLS is required.
> How can I disable EAP-TLS while using EAP-PEAP?
> I agree that if the client does not have a client key, EAP-TLS will not
> work. But how to restrict EAP-TLS in any case?


Beste Gruesse / Kind Regards

On 3/23/17, 20:41, "Freeradius-Users on behalf of Alan DeKok"
< at on
behalf of aland at> wrote:

>On Mar 23, 2017, at 8:00 PM, John Tobin <jtobin at> wrote:
>> Sorry, still lost:
>  If you want to disable tls 1.2, you follow the documentation and
>examples to disable it.
>  What part of that is unclear?
>> If you want to take this discussion off line because it is somewhat
>> security sensitive, I am jtobin at
>  Questions belong on the list.
>  Alan DeKok.
>List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list