Thanks for your replies. Please see my responses below.
On 3/8/07, Michael Griego <[EMAIL PROTECTED]> wrote:
> Why exactly do you want to do this instead of using standardized EAP-
Ok I will check if i can use EAP-TLS.
>You'll have to write your own code upates to FreeRADIUS, and I
> know of *no* supplicants that will operate in this fashion. Seems
> like a lot more trouble than using what's already there, especially
> when you get into situations like where the certificate won't fit
> into one EAPOL packet, which is constrained by the MTU.
Say if i use EAP-TLS then is the NAS supposed to store the certificate
of the supplicant.
I think the certificate must alway come from the supplicant. But then
if we have a problem with the MTU, then supplicant stored certificates
cannot be used with EAP-TLS.
> On Mar 7, 2007, at 12:53 PM, Diameter K wrote:
> > Hi All,
> > I want to configure free-radius to handle a simple EAP
> > described below.
> > 1. Radius receives a IDENTITY message. The IDENTITY message
> > contains a encrypted certificate.
> > 2. The server decrypts and validates the Certificate and send out a
> > EAP-Success or EAP-Failure.
> > Is there any way i can configure freeradius to achieve this flow or
> > would i have to modify the code. As i understand the standard
> > flows are much more complicated(with challenge), which i dont want.
> > Thanks & Regards,
> > Shiv
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> > users.html
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html