Humm yes, but with this i can use mschapv2 for authenticate or my authentification will be used by client certificat ?<br><br><div class="gmail_quote">2011/12/15 Phil Mayers <span dir="ltr"><<a href="mailto:p.mayers@imperial.ac.uk">p.mayers@imperial.ac.uk</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 15/12/11 14:29, Vincent Guardiola wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all,<br>
<br>
I have just one question about client certificats with EAP-TTLS or EAP-PEAP.<br>
<br>
I would like use certificats client with authentication MSCHAPv2 it's<br>
possible ?<br>
</blockquote>
<br></div>
Yes. This is documented in the "eap.conf":<br>
<br>
# You can make PEAP require a client cert by setting<br>
#<br>
# EAP-TLS-Require-Client-Cert = Yes<br>
#<br>
# in the control items for a request.<br>
<br>
In the *outer* tunnel, do this:<br>
<br>
authorize {<br>
...<br>
update control {<br>
EAP-TLS-Require-Client-Cert = Yes<br>
}<br>
...<br>
eap<br>
}<br>
<br>
I know it says EAP-TLS; ignore that. It will make the PEAP client send a client cert.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/<u></u>list/users.html</a><br>
</blockquote></div><br>