I'm having a similar issue to the one described here: http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-td... Currently, I can auth with just a signed cert, or just username/password I would like to enforce both, but I have been unable to determine the correct keywords/config after reading many forum posts, in addition to the comments provided in the default configuration I have attempted to add this config line to enforce signed certs in sites-available/default: EAP-TLS-Require-Client-Cert = yes This causes freeradius not to start for me though, and I'm pretty certain I have tried putting that in each block present in the file As for requiring user/password auth, I have tried: DEFAULT EAP-Type == EAP-Type-TLS, Auth-Type := Reject Which causes freeradius to fail to load DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject Which still allows EAP-TLS only DEFAULT EAP-Type != PEAP, Auth-Type := Reject Which still allows EAP-TLS only as well Please advise Thanks in advance, -Pete