1. That's not how certificates work. You add those that you want to PREVENT from connecting (for whatever reason) to Certificate Revocation List (CRL). You suposedly do have control over who are certificates issued to. If you have no control over CA then you shouldn't be using them.
2. Is anything (reading config files etc.) written to the log when you restart the server? Ivan Kalik Kalik Informatika ISP Dana 29/5/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> piše: >Hi > 1 I know its eap-tls and certificate based. >Earlier i was using Navis radius .In that for eap-tls we have to add >certificate name to a specific user file. > Like that here also user file is there can i make use of the user file so > that only that user get authenticated, > > 2 Logs are not happening.In config changes required to get the same? >Regards >Anoop > >> >> >> Message: 2 >> Date: Mon, 28 May 2007 15:07:06 +0100 >> From: <[EMAIL PROTECTED]> >> Subject: Re: log file for free radius 1.1.6 eap-tls authentication >> To: \"FreeRadius users mailing list\" >> <[email protected]> >> Message-ID: <[EMAIL PROTECTED]> >> Content-Type: text/plain; charset=ISO-8859-2 >> >> This is EAP-TLS. This user has a valid user certificate and is >> accepted. >> If you don\'t want to go via certificates but use user/password, use >> EAP-TTLS with MS-CHAPv2 (or PAP or any other auth protocol). >> >> Ivan Kalik >> Kalik Informatika ISP >> >> >> > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
