PEAP/TTLS
Peter Lesko
plesko at blispay.com
Fri Sep 23 21:20:29 CEST 2016
I'm having a similar issue to the one described here:
http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-td3238845.html
Currently, I can auth with just a signed cert, or just username/password
I would like to enforce both, but I have been unable to determine the
correct keywords/config after reading many forum posts, in addition to the
comments provided in the default configuration
I have attempted to add this config line to enforce signed certs in
sites-available/default:
EAP-TLS-Require-Client-Cert = yes
This causes freeradius not to start for me though, and I'm pretty certain I
have tried putting that in each block present in the file
As for requiring user/password auth, I have tried:
DEFAULT EAP-Type == EAP-Type-TLS, Auth-Type := Reject
Which causes freeradius to fail to load
DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject
Which still allows EAP-TLS only
DEFAULT EAP-Type != PEAP, Auth-Type := Reject
Which still allows EAP-TLS only as well
Please advise
Thanks in advance,
-Pete
More information about the Freeradius-Users
mailing list