concurrent TTLS and PEAP usage

Artur Hecker hecker at
Tue Aug 30 19:27:30 CEST 2005


Stefan.Neis at wrote:
>>we naively try to specify EAP-Type == PEAP for user_peap
>>and == TTLS for 
>>user_ttls but that breaks both methods (which seems
>>normal since this 
>>EAP-Type definition is not correct for the internal EAP
>>method which 
>>however uses the same user name).
> Why not almost just as naively do the check vice versa:
> If it's user_ttls and EAP-Type == PEAP, set Auth-Type
> explicitly to reject?

what you are saying is that I should do something like this:

user_ttls	EAP-Type != PEAP

that however only prohibits the usage of PEAP for user_ttls while i 
would like to only enable TTLS for this specific user (which is not 
quite the same).


More information about the Freeradius-Users mailing list