Requesting guidance to understand all moving parts for RadSec + EAP-TLS

[Yoann Gini]

Hello,

As said on the other thread, I’m trying to use RadSec to provide EAP-TLS authentication for remote site. I’m mainly a NPS user during last years, it’s been a while since I haven’t used Freeradius.

I’m a little bit lost in the set of configuration to do here, especially since some parts seems redundant between RadSec and EAP-TLS.

Especially, I will have different intermediate certificates authority to authenticate access points on one side and wireless client on the other.

Also, the configuration for EAP-TLS will need to be PKI based only (authenticate and authorize if certificate based authentication works and if the certificate is not revoked). No per-user authorization expected, and the FreeRadius server is expected to not know the list of valid users, solely relying on PKI for that.

So if someone can lead me to a clean article about the use of RadSec + EAP-TLS in FreeRadius, or if someone can take the time to explain it to me, I’m really interested.

Thanks a lot