different EAP methods for different users

Stefano Zanmarchi zanmarchi at gmail.com
Fri Nov 9 17:00:43 CET 2012


Thanks!


On Fri, Nov 9, 2012 at 3:12 PM, Alan DeKok <aland at deployingradius.com>wrote:

> Stefano Zanmarchi wrote:
> > we're currently supporting only PEAP, that is we base our security on
> > passwords.
> > We'd like to introduce higher security for a limited set of users this
> way:
> > 1. support both PEAP and EAP/TTLS
> > 2. configure freeradius to authenticate these users (stored in a local
> > table)
> >    *only* if they use EAP/TTLS. They should *not* be authenticated if
> >    they used PEAP.
>
>   Put the users into a group.  Then, in the "authorize" section, after
> "eap", do:
>
>
>     if ((EAP-Type == PEAP) && (My-Group == "notpeap")) {
>         reject
>     }
>
>   See "man rlm_passwd" for examples of creating a group.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121109/f1a0ec8e/attachment.html>


More information about the Freeradius-Users mailing list