Zolotov, Eyal wrote:
> By ‘mutual authentication’ I refer to the following authentication process:
>
> 1. The client authenticates the server
Give the client the CA cert used to sign the server cert.
> 2. The server authenticates the client
Create a client cert, signed by the server cert.
> 3. Only then – the client sends username + password using MSCHAPv2
In unlang, set:

    update control {
        EAP-TLS-Require-Client-Cert = yes
    }

This forces the server to validate the client cert, which is normally
not required for TTLS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
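
The certificate checks in steps 1 and 2 of the thread above can be rehearsed offline with openssl before the RADIUS configuration is changed. This is an added example, not part of the original message; it assumes a single throwaway CA issues both the server and the client certificate, and every name in it is a placeholder.

```shell
#!/bin/sh
# Constructed test PKI. "Test CA", "Other CA", radius.example.test, alice
# and visitor are placeholder names, not values from the thread.
set -eu

new_ca() {      # new_ca <basename> <CN>: self-signed CA key and cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue() {       # issue <ca> <basename> <CN> <EKU>: leaf cert signed by <ca>
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    printf 'extendedKeyUsage=%s\n' "$4" > "$2.ext"
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 30 -extfile "$2.ext" -out "$2.pem" 2>/dev/null
}

chain_ok() {    # chain_ok <ca> <cert> <purpose>: prints yes or no
    if openssl verify -CAfile "$1.pem" -purpose "$3" "$2.pem" >/dev/null 2>&1
    then echo yes; else echo no; fi
}

cd "$(mktemp -d)"
new_ca ca "Test CA"
new_ca other "Other CA"
issue ca    server  radius.example.test serverAuth
issue ca    client  alice               clientAuth
issue other unknown visitor             clientAuth

# Step 1: the supplicant, holding only ca.pem, checks the server cert.
echo "client accepts server cert:     $(chain_ok ca server sslserver)"
# Step 2: the server checks the client cert once a client cert is required.
echo "server accepts client cert:     $(chain_ok ca client sslclient)"
echo "server accepts unknown-CA cert: $(chain_ok ca unknown sslclient)"
# A cert issued for client use does not pass as a server cert.
echo "client cert usable as server:   $(chain_ok ca client sslserver)"
```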