I've been trying to get the EAP-TLS going but I haven't been able to figure out
what needs to be used for the trusted CA list.
How do I generate this file? I used OpenSSL to generate the keys.
thanx..../doug
-------------------
# Extensible Authentication Protocol
#
# For all EAP related authentications
eap {
    # Invoke the default supported EAP type when
    # EAP-Identity response is received
    default_eap_type = tls

    # Default expiry time to clean the EAP list,
    # It is maintained to co-relate the
    # EAP-response for each EAP-request sent.
    timer_expire = 60

    # Supported EAP-types
    md5 {
    }

    ## FIXME: EAP-TLS is highly experimental EAP-Type at the moment.
    # Please give feedback.
    tls {
        private_key_password = xxxxxxx
        private_key_file = /etc/1x/sparcy-cert-srv.pem
        #### KEYS GENERATED FROM THE OPENSSL CERT AUTHORITY

        # Sometimes Private key & Certificate are located
        # in the same file, then private_key_file & certificate_file
        # must contain the same file name.
        certificate_file = /etc/1x/sparcy-cert-srv.pem

        # Trusted Root CA list
        # CA_file = /path/filename
        CA_file = /etc/1x/r/CA.pam
        ######## HERE IS THE PROBLEM ABOVE
        ######## RADIUSD LOG SHOWS EAP WON'T INITIALIZE CAN'T READ TRUSTED CA FILE.
        ######## WHERE DOES ONE GET THIS FILE?

        dh_file = /etc/1x/r/dh
        random_file = /etc/1x/r/random
    }
}
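
Added example, not part of the original post and not FreeRADIUS code: CA_file is expected to hold the PEM-encoded certificate(s) of the CA that signed the certificates in use, so a pre-flight check like the one below can tell apart a missing file, a file that is not a PEM certificate, and a server certificate that does not chain to it. The function names, return codes and the throwaway CA and server names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the file named by CA_file in the tls { } block.
# The return codes are this script's own convention, not FreeRADIUS's.

# check_ca_file CA_FILE [SERVER_CERT]
#   0 = usable, 1 = unreadable, 2 = no PEM certificate in it,
#   3 = PEM markers present but OpenSSL cannot parse it,
#   4 = SERVER_CERT does not chain to CA_FILE
check_ca_file() {
    ca=$1
    cert=${2:-}
    [ -r "$ca" ] || return 1
    # CA_file must hold certificates (public material), not keys and not DER.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$ca" || return 2
    openssl x509 -in "$ca" -noout 2>/dev/null || return 3
    if [ -n "$cert" ]; then
        # Match on the output rather than relying only on the exit status.
        openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' || return 4
    fi
    return 0
}

# make_constructed_pki DIR: throwaway CA plus server certificate for trying the check.
# Every subject name below is a constructed test value.
make_constructed_pki() {
    d=$1
    # Self-signed CA certificate: this is the kind of file CA_file points at.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Test CA' \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server key and CSR, then the CA signs the CSR.
    openssl req -newkey rsa:2048 -nodes \
        -subj '/CN=radius.example.test' \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/srv.pem" 2>/dev/null || return 1
}
```

Against the configuration above, the call would be `check_ca_file /etc/1x/r/CA.pam /etc/1x/sparcy-cert-srv.pem`, followed by `echo $?` to see which case applies.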
