Module eap - attributes ca_file and ca_path

Jérôme BERTHIER Jerome.Berthier at inria.fr
Fri Nov 24 18:04:33 CET 2017


On 24/11/2017 at 12:46, Matthew Newton wrote:
> On Fri, 2017-11-24 at 11:58 +0100, Jérôme BERTHIER wrote:
>> And so, if we do NOT want to permit EAP-TLS authentication, we have
>> to :
>>
>> - comment out the attributes ca_file AND ca_path
>>
>> - concatenate the server certificate and the CA certificate (as
>> explained in comments)
> To disable EAP-TLS, just comment out the entire tls{} section in mods-
> available/eap.
>
> You can comment out the CA options in tls-common as well if you want,
> but it should not be necessary.
>

Sorry, I was confused by the old setup from FreeRADIUS 1.x, when the tls
section was mandatory for TTLS and PEAP.

Now, to do TTLS and PEAP without tls, I note that we just have to:

- set up the section tls-config tls-common {}, where we can as well use
ca_file or ca_path, or concatenate the server and CA certificates.

- disable the section tls {}

Thank you for your answer.

Regards,

-- 
Jérôme BERTHIER
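
Added example, not part of the original message and not FreeRADIUS project code: a small checker for the setup discussed in this thread, where TTLS and PEAP stay enabled through tls-config tls-common {} while the tls {} section is commented out. The sample configuration, its file paths, the `tls = tls-common` references (assumed from the 3.x layout of mods-available/eap) and the function names `audit_eap` and `findings` are constructed for illustration.

```python
import re
# Constructed sample in the style of mods-available/eap (FreeRADIUS 3.x);
# file paths are placeholders, not values from the thread.
SAMPLE_EAP = """
eap {
    tls-config tls-common {
        private_key_file = ${certdir}/server.pem
        ca_file = ${cadir}/ca.pem
    }
    # tls {
    #     tls = tls-common
    # }
    ttls {
        tls = tls-common
    }
    peap {
        tls = tls-common
    }
}
"""

def audit_eap(text):
    """Return (enabled method sections, tls-config names, {method: tls ref})."""
    methods, configs, refs, stack = [], [], {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive: ignores '#' inside quotes
        m = re.match(r"([\w-]+)(?:\s+([\w-]+))?\s*\{$", line)
        if m:
            if stack == ["eap"]:  # direct child of eap {}
                if m.group(1) == "tls-config":
                    configs.append(m.group(2))
                else:
                    methods.append(m.group(1))
            stack.append(m.group(1))
        elif line == "}" and stack:
            stack.pop()
        elif len(stack) == 2 and stack[0] == "eap":
            key, _, value = line.partition("=")
            if key.strip() == "tls":
                refs[stack[1]] = value.strip()
    return methods, configs, refs

def findings(text):
    methods, configs, refs = audit_eap(text)
    out = ["EAP-TLS still enabled"] if "tls" in methods else []
    for method in ("ttls", "peap"):
        if method in methods and refs.get(method) not in configs:
            out.append(method + " references no defined tls-config")
    return out
```

An empty list from `findings()` means the file matches the intended state: no active tls {} section, and every enabled tunnelled method points at a tls-config block that exists.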

