Help in moving FR1.x to 3.x EAP-TLS setup.

Alan DeKok aland at
Wed May 29 23:04:28 CEST 2019

On May 29, 2019, at 4:55 PM, Gregory Sloop <gregs at> wrote:
> The web page you point to isn't very helpful for EAP-TLS - at least the config portion, which is what I'm having issues with.

  It's not that more complex.  Configure the server / CA certificate as described in the web page.  Issue a client certificate using the CA.  It *will* work.

  If you use eapol_test as described in that page, it's simple to add client configurations for EAP-TLS.  In v3, sample configuration for eapol_test are in src/tests/eap*.conf

> But that said, I did get it working with the "old" eap config.
> However, I need some guidance in putting that into the new config layout/style.
> It looks like the eap section is pretty much unchanged, except for hollowing out tls{} and moving it all into tls-common{} and pointing the tls section at tls-common.

  Mostly, yes.

> Otherwise the config appears unchanged, really.
> So, does this look about right?

  It's not really useful to read detailed configurations.

a) did you copy the values from the old config to the new config?

b) does it work when you test it?

  If so it's fine.

  Alan DeKok.

More information about the Freeradius-Users mailing list