Hi, I was wondering if there is a way to configure the radiusd to force the client to present his certificate during EAP-PEAP and EAP-TTLS. (I know this is not necessary, but I need to do it anyways....) I saw an interesting piece of code in eaptls_initiate() which indicates someone was thinking about it: /* * If we're TTLS or PEAP, then do NOT require a client * certificate. * * FIXME: This should be more configurable. */ if (handler->eap_type != PW_EAP_TLS) { vp = pairfind(handler->request->config_items, PW_EAP_TLS_REQUIRE_CLIENT_CERT); if (!vp) { client_cert = FALSE; } else { client_cert = vp->lvalue; } } So it seems like radiusd will force client certificate authentication during PEAP or TTLS if this particular value pair is set with lvalue==1. But I don't see any code where the PW_EAP_TLS_REQUIRE_CLIENT_CERT gets put into the config_items. Can someone "in the know" comment? I am looking at the source code from freeradius-1.0.4 Thanks, Michael