only accept PEAP-MSCHAPv2 with "EAP-TLS-Require-Client-Cert = Yes"
Hi, I setup freeradius to accept authentications using PEAP-MSCHAPv2 with client certificates via "EAP-TLS-Require-Client-Cert = Yes". However, clients who authenticate via EAP-TLS also succeed. How can I reject all auth types except PEAP-MSCHAPv2 with "EAP-TLS-Require-Client-Cert = Yes"? (ie. I require both client certificates and username/password.) Thanks, Vieri
Vieri wrote:
I setup freeradius to accept authentications using PEAP-MSCHAPv2 with client certificates via "EAP-TLS-Require-Client-Cert = Yes".
However, clients who authenticate via EAP-TLS also succeed.
How can I reject all auth types except PEAP-MSCHAPv2 with "EAP-TLS-Require-Client-Cert = Yes"? (ie. I require both client certificates and username/password.)
Put this in the "users" file: DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject Alan DeKok.
participants (2)
-
Alan DeKok -
Vieri