iOS mysterious issues on Freeradius 3.0.14

John Tobin jtobin at po-box.esu.edu
Mon Mar 27 02:22:04 CEST 2017 

What doc?
What I find is in google [sorry, all I could find, no radiusd document
came upŠ.] is below.
No it doesn¹t work, problem hasn¹t changed, I am version radiusd 3.0.11,
the vars I see are actually ca_file and ca_path | not CA_file and CA_path,
but what do I know?

I put back the original so I can run the windows clients.

Is there some other place I am not looking?

Sincerely,
tob

I lookup in google and I get:

http://freeradius.1045715.n5.nabble.com/Disabling-EAP-TLS-while-keeping-EAP
-PEAP-td2761895.html

Which says:


		Jun 18, 2007; 6:09am
	
					
		Re: Disabling EAP-TLS while keeping EAP-PEAP
	
				
			
		
		
			
				
					
		
			 
<http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=use
r_nodes&user=108414>

	
	
		
	
	
	
	36 posts
	
				
				
					
	
	
				In reply to this post
<http://freeradius.1045715.n5.nabble.com/Disabling-EAP-TLS-while-keeping-EA
P-PEAP-tp2761895.html> by Martin Gadbois
			
	
		Hi!
By commenting the CA_file parameter in the eap->tls section:

# CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem
*and*
by setting CA_path parameter in the eap->tls section to an *empty*
directory

CA_path = ${raddbdir}/certs/trustedCAs

should do the trick.
No trusted CAs mean no trusted client certificates :-)
Martin Gadbois wrote:
> When enabling EAP-PEAP with FreeRADIUS, module EAP-TLS is required.
>
> How can I disable EAP-TLS while using EAP-PEAP?
>
> I agree that if the client does not have a client key, EAP-TLS will not
> work. But how to restrict EAP-TLS in any case?


-- 

Beste Gruesse / Kind Regards


On 3/23/17, 20:41, "Freeradius-Users on behalf of Alan DeKok"
<freeradius-users-bounces+jtobin=po-box.esu.edu at lists.freeradius.org on
behalf of aland at deployingradius.com> wrote:

>On Mar 23, 2017, at 8:00 PM, John Tobin <jtobin at po-box.esu.edu> wrote:
>> 
>> Sorry, still lost:
>
>  If you want to disable tls 1.2, you follow the documentation and
>examples to disable it.
>
>  What part of that is unclear?
>
>> If you want to take this discussion off line because it is somewhat
>> security sensitive, I am jtobin at po-box.esu.edu.
>
>  Questions belong on the list.
>
>  Alan DeKok.
>
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list