Help with configuring client certificates for peap or ttls
Matthew Newton
mcn at freeradius.org
Fri Sep 15 09:49:07 CEST 2017
On 15 September 2017 08:40:20 BST, Vacheslav <m_zouhairy at skno.by> wrote:
>
>>I have free radius 3.0.14 and I managed to authenticate using peap and
>>ttls using the self signed server certificate. I tried to push it
>>further with requiring client certificates but that didn't work.
>
>>Pretty much no supplicants support using client certificates with PEAP
>or >EAP-TTLS, so unfortunately it won't work. I think wpa-supplicant is
>the only >one that will.
>Thank you very much for clearing this up, I struggled days and was sure
>it's a bug.
You're not the only one... :(
> I'm using wired dot1x so wpa isn't an option as I think that's for wireless.
It's the same supplicant used for both.
>>For client certificates on Windows you have to use EAP-TLS.
>I wanted them to have a certificate + username and password,
Yes, using both together is not currently possible.
--
Matthew
More information about the Freeradius-Users
mailing list