There was a post on this by Mike;
You'll have to set up two instances of the EAP module. The first
instance will have the TLS submodule set up with the information for
Cert1.pem (and the appropriate key and CA cert). The second instance
will have its TLS submodule set with the info for Cert2.pem. It will
look something like this:
    modules {
        ...
        # First EAP instance: presents Cert1.pem
        eap eap1 {
            ...
            tls {
                certificate_file = Cert1.pem
                ...
            }
        }
        # Second EAP instance: presents Cert2.pem
        eap eap2 {
            ...
            tls {
                certificate_file = Cert2.pem
                ...
            }
        }
    }
    authorize {
        ...
        eap1
    }
    authenticate {
        ...
        eap1
        eap2
    }
Then, this is one of the few instances where you'll need to manually
specify the Auth-Type in the users file, like this:
    DEFAULT Called-Station-ID = "00112233445566:SSID1", Auth-Type := eap1
    DEFAULT Called-Station-ID = "00112233445566:SSID2", Auth-Type := eap2
Or, better yet, use regexes (this should work):
    DEFAULT Called-Station-ID =~ ":SSID1$", Auth-Type := eap1
==================================================
Benjamin K. Eshun
----- Original Message ----
From: Don Peoples <[EMAIL PROTECTED]>
To: [email protected]
Sent: Tuesday, 29 May 2007, 23:27:06
Subject: Multiple server certificates in EAP-TLS or EAP-TTLS
Multiple RADIUS clients can be defined in the clients.conf file. Is there a way
to define the location of a server certificate for each client? I'm envisioning
a single freeRadius server supporting multiple client authenticators. I want
each authenticator to be able to send a unique certificate to identify itself
to its supplicants. It appears that the "certificate_file" parameter in the
eap.conf file would only support a single certificate.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
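
Added example (not part of the original posts and not FreeRADIUS code): a small Python model of the users-file selection described in the reply, comparing the exact Called-Station-ID entries with the regex form. The function and variable names are hypothetical, the ":SSID2$" rule is an assumed counterpart of the ":SSID1$" line, and the sample values are constructed.

```python
import re

# Rules modelled on the users-file entries in the reply: (kind, pattern, Auth-Type).
EXACT_RULES = [
    ("exact", "00112233445566:SSID1", "eap1"),
    ("exact", "00112233445566:SSID2", "eap2"),
]
REGEX_RULES = [
    ("regex", r":SSID1$", "eap1"),
    ("regex", r":SSID2$", "eap2"),  # assumption: counterpart of the SSID1 line
]

def select_auth_type(called_station_id, rules):
    """Return the Auth-Type of the first matching rule, or None.

    First match wins, as with users-file entries that do not set Fall-Through.
    None means no entry set Auth-Type; what the server does next depends on
    the rest of the authorize section, which is not modelled here.
    """
    for kind, pattern, auth_type in rules:
        if kind == "exact" and called_station_id == pattern:
            return auth_type
        if kind == "regex" and re.search(pattern, called_station_id):
            return auth_type
    return None

# Constructed Called-Station-ID values, as different access points might send them.
SAMPLES = [
    "00112233445566:SSID1",     # the access point named in the exact entries
    "00-11-22-33-44-66:SSID2",  # a second access point, hyphenated MAC
    "00112233445566:SSID10",    # a different SSID that shares a prefix
    "00112233445566",           # no SSID appended
]

def compare(samples=SAMPLES):
    """Return (value, exact-rule result, regex-rule result) for each sample."""
    return [
        (s, select_auth_type(s, EXACT_RULES), select_auth_type(s, REGEX_RULES))
        for s in samples
    ]

if __name__ == "__main__":
    for value, exact, regex in compare():
        print(f"{value:26} exact={exact!s:5} regex={regex!s:5}")
```

The exact entries only select a certificate for the one access point they name, while the anchored regex selects by SSID for any access point and still rejects an SSID that merely starts with the same text.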