17 May
2012
17 May
'12
8:33 a.m.
On 17/05/12 12:18, David Peterson wrote:
They are currently using EAP-TTLS. I tried to add something in last night but either the lateness of the evening or my skills were not up to par. Where would you add the access-accept?
Something like this in "sites-available/inner-tunnel": authorize { ... # check the username, and also check the request is PAP # i.e. there's a User-Password sent from the client if ((User-Name == permit) && (User-Password)) { update control { Auth-Type := Accept } } ... } There are other variants; the list of users could be in SQL, LDAP, files, etc.