>>- and how, exactly, does the EAP tunnel get set up if you dont >>have a common certificate to enable such a construct? you've got >>to have a CA - and, if done properly, you've got to have the validate >>check as well! > > >Suppose a person who comes from outside the company, and wants to >connect to my network, do not have the certificates.
Exactly. And they shouldn't be able to connect. That is the whole idea of self-signed certificates. If someone from outside should have access, you can email him the certificate and he will be able to connect. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
