Hi,
But now I want to have something special in one realm, in this one realm I want to do a combination for certificate authentication and MsChapv2 authentication. This to make sure the user has a valid certificate and also knows a valid user-name / password.
Is this possible to configure in FreeRadius? Yes. But you also need to configure it on the client.
Give the client a certificate. Configure the client to do TTLS. It will work.
It *won't* work on older versions of Windows. This is because they don't do TTLS. They only do PEAP, and they disallow client certificates for PEAP. I have een looking on my Linux workstation and so far I only found the option to put certificates in the TLS config, and in the TLS config I can't include username / password credentials. I'm going to try what happens if I modify the config files manually to include certificates besides Username / Password credentials.
Is this possible in the variety of of WPA-Supplicants used (Apple, Linux and Windows) Is it possible to do this in just one realm?
If this is possible, could someone point me to some documentations that describes this setup? You've already got 99% of it working. Just configure the client, and it will work.
Ok, that sounds really good, but then my second question: How do I force the client to use this kind of authentication. Because a the moment both Cert and username / password work, so no one is forcing to client to do both. Server-side, I have to make sure that arriving with just one of the 2 methods is not enough. Jan Hugo