Disabling EAP-TLS while keeping EAP-PEAP
Phil Mayers
p.mayers at imperial.ac.uk
Sat Jun 2 16:15:46 CEST 2007
Martin Gadbois wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> When enabling EAP-PEAP with FreeRADIUS, module EAP-TLS is required.
>
> How can I disable EAP-TLS while using EAP-PEAP?
Just curious.. why would you want to?
You could try this in "users":
DEFAULT EAP-Type == EAP-Type-TLS, Auth-Type := Reject
...but that'll almost certainly break the "negotiate mechanism" bit of
EAP. However if you specify the default eap type as PEAP and the client
rejects that then chooses TLS which you want to stop, rejecting them is
probably not much of a loss.
More information about the Freeradius-Users
mailing list