Sven 'Darkman' Michels wrote: > ...The > only problem i had was "where to force the client cert when using > eap/tls"
EAP-TLS *always* uses a client cert. > which seems to work except that the cisco client simply don't offer a > cert when using ttls. As far as i know, this requirement is not often > met at any client (you posted some note about a while ago...) Yes. > so we're > calling cisco today to clearify how we can do maschine and user > authentification with forced clientcert (i can only do ttls for > maschine AND user/pw auth and not doing like tls for maschine and ttls > for user/pw - their client doesn't support that - the new client just > crashes when the server requires a cert, horray ;). Nice! > Thanks for your help so far - the main issue was the old freeradius as > it seems... Yes. Upgrading is usually a good idea. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
