Hi

This question is rather a certificate question but ...
How does EAP-TLS certificate authentication work?

As far as I know, the server sends its certificate first, with its public key, to the client.
The client sends its certificate to the RADIUS server.


At first I had the username of the client (the EAP identity string) in the users file.
My client was authorized.
Then I deleted the user, and the client is still accepted.


How can I restrict the clients?

Does it mean that every generated certificate which is not revoked can be used,
i.e. is authorized?


The same goes for the server side. How can I guarantee I'm on the right server
if I don't have the server certificate on the client (supplicant) side?

In the wpa_supplicant config file they are "talking" about Phase 1 (outer authentication)
and Phase 2 (inner authentication), but only for EAP-PEAP or EAP-TTLS, and it says
"Following certificate/private key fields are used in inner Phase2".


I'm really confused.

Is there any good beginner documentation about how certificate authentication and EAP-TLS work?
But please not RFC 2246 ...


I'm working with freeradius-1.0.2, wpa_supplicant-0.3.8 as supplicant and a Linksys WRT54G as NAS.

Thanks a lot

Beat

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
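As an added illustration, not part of the list thread, of the two restrictions Beat asks about: a wpa_supplicant network block that pins the RADIUS server's issuing CA and subject, beside the weak block that accepts any server, and a FreeRADIUS 1.x eap.conf tls section that ties the presented client certificate's CN to the EAP identity and checks a CRL. File paths, the SSID, the CN values and the CA name are assumptions; the option names are those documented in wpa_supplicant.conf and eap.conf, and whether subject_match is available depends on the wpa_supplicant version.

```text
# --- wpa_supplicant.conf (supplicant side; paths and names are assumed) ---
# Weak: no ca_cert, so any server certificate is accepted and the
# supplicant cannot tell a rogue RADIUS server from the real one.
network={
    ssid="corp-eap"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="beat"
    client_cert="/etc/cert/beat.pem"
    private_key="/etc/cert/beat.key"
    private_key_passwd="changeme"
}

# Corrected: trust only the CA that issued the RADIUS server certificate,
# and require a specific subject so that a valid but different certificate
# from the same CA is rejected as well.
network={
    ssid="corp-eap"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="beat"
    ca_cert="/etc/cert/ca.pem"
    subject_match="/CN=radius.example.org"
    client_cert="/etc/cert/beat.pem"
    private_key="/etc/cert/beat.key"
    private_key_passwd="changeme"
}

# --- eap.conf, tls section (FreeRADIUS 1.x, server side) ---
# Without the two checks at the end, any certificate issued by CA_file is
# accepted, whether or not the identity appears in the users file.
tls {
    private_key_password = whatever
    private_key_file = ${raddbdir}/certs/server.pem
    certificate_file = ${raddbdir}/certs/server.pem
    CA_file = ${raddbdir}/certs/ca.pem
    dh_file = ${raddbdir}/certs/dh
    random_file = ${raddbdir}/certs/random
    # Refuse the certificate unless its CN equals the EAP identity, so the
    # identity in the users file is actually bound to the certificate.
    check_cert_cn = %{User-Name}
    # Reject revoked certificates; CA_path must hold the CA certificate and
    # its CRL under their OpenSSL hashed names.
    check_crl = yes
    CA_path = ${raddbdir}/certs
}
```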
