On Jun 6, 2016, at 8:52 AM, jan hugo prins <jhp@jhprins.org> wrote:
But now I want to have something special in one realm, in this one realm I want to do a combination for certificate authentication and MsChapv2 authentication. This to make sure the user has a valid certificate and also knows a valid user-name / password.
Is this possible to configure in FreeRadius?
Yes. But you also need to configure it on the client. Give the client a certificate. Configure the client to do TTLS. It will work. It *won't* work on older versions of Windows. This is because they don't do TTLS. They only do PEAP, and they disallow client certificates for PEAP.
Is this possible in the variety of of WPA-Supplicants used (Apple, Linux and Windows) Is it possible to do this in just one realm?
If this is possible, could someone point me to some documentations that describes this setup?
You've already got 99% of it working. Just configure the client, and it will work. Alan DeKok.