Thanks alan. I tried that at some point but FR threw an error about the cert not matching the private key. Tried again and switched the order of the certs so the server cert is the first in the file and works like a champ.
-----Original Message----- From: freeradius-users-bounces+jesse.cotton=stockton....@lists.freeradius.org [mailto:freeradius-users-bounces+jesse.cotton=stockton....@lists.freeradius.org] On Behalf Of alan buxey Sent: Tuesday, August 14, 2012 11:38 AM To: FreeRadius users mailing list Subject: Re: Disable PEAP-TLS but allow PEAP Hi, > That was a typo. I meant EAP-TLS. this is easy to fix. concatenate your RADIUS server and CA (and any intermediates) into one file. call that file in the certificate_file = line then comment out CA_file = this is clearly documented: # This parameter is used only for EAP-TLS, # when you issue client certificates. If you do # not use client certificates, and you do not want # to permit EAP-TLS authentication, then delete # this configuration item. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
