31 Aug
2005
31 Aug
'05
8:58 a.m.
Hi,
what you are saying is that I should do something like this:
user_ttls EAP-Type != PEAP
that however only prohibits the usage of PEAP for user_ttls while i would like to only enable TTLS for this specific user (which is not quite the same).
Yes, however you said yourself, that you do _not_ want to only enable TTLS for this specific user since you also obviously need to enable the inner protocol used inside the tunnel... Maybe something like if EAP-TYPE isn't EAP-TTLS and FreeRadius-Proxied-To is not set for user_ttls,t then reject as a first rule and as a second rule something like if FreeRadius-Proxied-To is set and AuthType isn't PAP then reject. And similar rules for user_peap. Regards, Stefan