--- On Thu, 10/22/09, Vieri <rentorbuy@yahoo.com> wrote:
From: Vieri <rentorbuy@yahoo.com> Subject: Re: PEAP + EAP-TLS: client certificates To: freeradius-users@lists.freeradius.org Date: Thursday, October 22, 2009, 9:05 AM
--- On Thu, 10/22/09, Ivan Kalik <tnt@kalik.net> wrote:
If I install a self-signed certificate on another Windows client and connect via EAP-TLS then I can connect without having to use an Active Directory user, as expected.
I'm wondering if I can *require* both a certificate on the client machine AND an AD user authentication. In other words, how can I *require* PEAP-EAP-TLS? (currently, my freeradius configuration seems to require PEAP OR EAP-TLS)
Freeradius version: 2.0.5
Don't know about that version. It should say how to require certificates for peap in eap.conf above peap section.
Is this the option? EAP-TLS-Require-Client-Cert = Yes I'm not sure where I should place it.
If in eap.conf I have: peap { ... virtual_server = "inner-tunnel" } then maybe I should edit sites-available/inner-tunnel and add: server inner-tunnel { ... authorize { ... update control { ... EAP-TLS-Require-Client-Cert = Yes } } } Is this correct?