Module eap - attributes ca_file and ca_path

Matthew Newton mcn at freeradius.org
Fri Nov 24 12:46:25 CET 2017


On Fri, 2017-11-24 at 11:58 +0100, Jérôme BERTHIER wrote:
> And so, if we do NOT want to permit EAP-TLS authentication, we have
> to :
> 
> - comment out the attributes ca_file AND ca_path
> 
> - concatenate the server certificate and the CA certificate (as 
> explained in comments)

To disable EAP-TLS, just comment out the entire tls{} section in mods-
available/eap.

You can comment out the CA options in tls-common as well if you want,
but it should not be necessary.

-- 
Matthew



More information about the Freeradius-Users mailing list