Hi, nikitha george wrote on 09.01.2008 10:04: > Hi, > I want to enable only TTLS authentication and if the client is > requesting any other types EAP-TLS or PEAP the authentication should be > denied.
within the eap section you must configure the tls and the ttls section. Delete the peap section. > I am running freeradius-1.1.6, and if try to disable EAP-TLS module the > server itself is not starting up. > Please let me know if there are any ways to achieve this. Then to disable the eap-tls functionality you must create an *empty* directory e.g. ${raddbdir}/certs/trustedCAsForRoamingClients/ and then within the tls section define CA_path = ${raddbdir}/certs/trustedCAsForRoamingClients/ Also you must remove the definition of the parameter CA_file = This way you don't have any accepted CAs in your config that are trusted CAs for issued client certificates for eap-tls authentication Make sure though that you put the radius server certificate and its CA chain including the root CA certificate in PEM format into the file specified with the certificate_file option in the tls section. HTH -- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki 15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen" am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/ -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737 Sachsenstr. 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html