concurrent TTLS and PEAP usage

Stefan.Neis at Stefan.Neis at
Wed Aug 31 14:58:08 CEST 2005


> what you are saying is that I should do something like this:
> user_ttls	EAP-Type != PEAP
> that however only prohibits the usage of PEAP for user_ttls while i 
> would like to only enable TTLS for this specific user (which is not 
> quite the same).

Yes, however you said yourself, that you do _not_ want to only enable
TTLS for this specific user since you also obviously need to enable
the inner protocol used inside the tunnel...
Maybe something like if EAP-TYPE isn't EAP-TTLS and FreeRadius-Proxied-To
is not set for user_ttls,t then reject as a first rule and as a second rule
something like if FreeRadius-Proxied-To is set and AuthType isn't PAP then
reject. And similar rules for user_peap.


More information about the Freeradius-Users mailing list