Authenticate with both Certificate and password
Alan DeKok
aland at deployingradius.com
Mon Jun 6 14:58:41 CEST 2016
On Jun 6, 2016, at 8:52 AM, jan hugo prins <jhp at jhprins.org> wrote:
> But now I want to have something special in one realm, in this one realm
> I want to do a combination for certificate authentication and MsChapv2
> authentication. This to make sure the user has a valid certificate and
> also knows a valid user-name / password.
>
> Is this possible to configure in FreeRadius?
Yes. But you also need to configure it on the client.
Give the client a certificate. Configure the client to do TTLS. It will work.
It *won't* work on older versions of Windows. This is because they don't do TTLS. They only do PEAP, and they disallow client certificates for PEAP.
> Is this possible in the variety of WPA-Supplicants used (Apple, Linux
> and Windows)
> Is it possible to do this in just one realm?
>
> If this is possible, could someone point me to some documentation that
> describes this setup?
You've already got 99% of it working. Just configure the client, and it will work.
Alan DeKok.
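
A wpa_supplicant network block for the client setup described in the reply above (TTLS with a client certificate and MSCHAPv2 as the inner method). This is an added example, not part of the original message; the SSID, realm, identities, file paths and passwords are constructed placeholders.

```conf
# wpa_supplicant.conf network block (added example; every value is a placeholder)
network={
    ssid="example-ssid"
    key_mgmt=WPA-EAP
    eap=TTLS

    # Outer identity is sent in the clear; only the realm is needed for routing
    anonymous_identity="anonymous@example.org"

    # Validate the RADIUS server before sending anything to it
    ca_cert="/etc/wpa_supplicant/ca.pem"
    domain_suffix_match="radius.example.org"

    # Client certificate presented during the outer TLS handshake
    client_cert="/etc/wpa_supplicant/client.pem"
    private_key="/etc/wpa_supplicant/client.key"
    private_key_passwd="placeholder-key-passphrase"

    # Inner (tunnelled) authentication: user name and password via MSCHAPv2
    identity="user@example.org"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
}
```

The certificate only adds assurance if the server demands one during the TTLS handshake; in FreeRADIUS 3.x that is the `require_client_cert` option in the `ttls` section of the eap module. Otherwise a client that omits the certificate still authenticates with the password alone.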