Re: Conf PEAP
Martin Silvero wrote: I am configuring PEAP and there is not much information about it, http://deployingradius.com There is a complete and detailed set of instructions for configuring EAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Conf PEAP
[peap] TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A But your problem has nothing to do with the user. You haven't imported the ca certificate onto the users machine. At least not the correct one. but, if I want the user´s don´t use certificates and only use user pass whit PEAP ¿is posible? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Conf PEAP
Hi, but, if I want the user´s don´t use certificates and only use user pass whit PEAP ¿is posible? - and how, exactly, does the EAP tunnel get set up if you dont have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Conf PEAP
- and how, exactly, does the EAP tunnel get set up if you dont have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well! Suppose a person who comes from outside the company, and wants to connect to my network, do not have the certificates. through PEAP can I give you access with a username and password without install certificates? What I suggest? () - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Conf PEAP
-Original Message- From: freeradius-users- bounces+jmdanner=samford@lists.freeradius.org [mailto:freeradius- users-bounces+jmdanner=samford@lists.freeradius.org] On Behalf Of Martin Silvero Sent: Thursday, December 18, 2008 8:31 AM To: freeradius-users@lists.freeradius.org Subject: Re: Conf PEAP - and how, exactly, does the EAP tunnel get set up if you dont have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well! Suppose a person who comes from outside the company, and wants to connect to my network, do not have the certificates. through PEAP can I give you access with a username and password without install certificates? What I suggest? We opted to purchase a Verisign cert for our FreeRadius server. Verisign is recognized as a trusted root by most OS's. There are less expensive certs available, but you'll definitely need a commercial cert to address your concerns. Mearl () - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Conf PEAP
- and how, exactly, does the EAP tunnel get set up if you dont have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well! Suppose a person who comes from outside the company, and wants to connect to my network, do not have the certificates. Exactly. And they shouldn't be able to connect. That is the whole idea of self-signed certificates. If someone from outside should have access, you can email him the certificate and he will be able to connect. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Conf PEAP
I am configuring PEAP and there is not much information about it, Maily because there is nothing to configure. It just works with default configuration. Should I add a user in the user file alone? That's best for testing - user entry at the top of the users file. If default is configured with EAP, what should I modify another file? Nothing. [peap] TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A But your problem has nothing to do with the user. You haven't imported the ca certificate onto the users machine. At least not the correct one. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html