Hello, I want to set up a radius server which authenticates users only once they provide their username, password AND client certificate. Now, I've managed to get this to work, my only problem is that as TTLS and PEAP use TLS, the TLS module must be enabled and configured. By doing so, users can also log in with just a client certificate. My real question here is: Is it possible to somehow force everyone to use PEAP or TTLS with a client certificate, while rejecting users trying to connect purely through TLS with only a client certificate? Kind regards, Remy -- View this message in context: http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-tp... Sent from the FreeRadius - User mailing list archive at Nabble.com.