only accept PEAP-MSCHAPv2 with "EAP-TLS-Require-Client-Cert = Yes"

[Vieri]

Hi,

I setup freeradius to accept authentications using PEAP-MSCHAPv2 with client certificates via "EAP-TLS-Require-Client-Cert = Yes".

However, clients who authenticate via EAP-TLS also succeed.

How can I reject all auth types except PEAP-MSCHAPv2 with "EAP-TLS-Require-Client-Cert = Yes"?
(ie. I require both client certificates and username/password.)

Thanks,

Vieri