Ok, I don't understand why my config doens"t work or maybe i've erroe on my client, this my conf : eap.conf eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 md5 { } leap { } gtc { auth_type = PAP } ..... ..... peap { default_eap_type = mschapv2 virtual_server = "inner-tunnel" use_tunneled_reply = no copy_request_to_tunnel = no } sites-enable/default authorize { preprocess update control { EAP-TLS-Require-Client-Cert = Yes } eap { ok = return } } authenticate { } Auth-Type MS-CHAP { mschap } eap } sites-enable/inner-tunel authorize { eap { ok = return } } authenticate { Auth-Type MS-CHAP { mschap } eap } Thx. 2011/12/20 Alan DeKok <aland@deployingradius.com>
Vincent Guardiola wrote:
I've read documentation and not found responses for my problem.
It is documented.
I wonder if I correctly explain my request
I would like to use a cllient certificats and mschapV2 in the same authentification in PEAP or TTLS Use client certificats for create TLS tunel and after use mschapv2 for authenticate the user It's possible with freeradius or not ?
Yes. Read eap.conf. This is documented.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html