Freeradius and OpenLDAP certificates
Alan DeKok
aland at deployingradius.com
Tue Oct 3 14:39:37 UTC 2023
On Oct 3, 2023, at 10:34 AM, Stefan Kania <stefan at kania-online.de> wrote:
> That's what I did. I put the CA certificate and the key into the subdirectory certs/, and that is working :-). But now I would like to use client certificates instead of username+password. So both the server certificate and the client certificate are from the same CA. So the client sends its certificate to the RADIUS server, and the server checks whether the certificate belongs to the client or not and checks that the certificate is valid with the root certificate of my CA. Is this right?
Yes. That's common across all uses of TLS and client certificates. There's nothing special about how RADIUS uses client certs.
> But what I'm looking for is how to configure FreeRADIUS to only use certificates and not username+password. Or did I understand this type of authentication totally wrong :-(
Don't configure FreeRADIUS to do password lookups.
Configure the client to use EAP-TLS, and there won't *be* passwords in the RADIUS packets.
Alan DeKok.