concurrent TTLS and PEAP usage
Stefan.Neis at t-online.de
Stefan.Neis at t-online.de
Wed Aug 31 14:58:08 CEST 2005
Hi,
> what you are saying is that I should do something like this:
>
> user_ttls EAP-Type != PEAP
>
> that however only prohibits the usage of PEAP for user_ttls while i
> would like to only enable TTLS for this specific user (which is not
> quite the same).
Yes, however you said yourself, that you do _not_ want to only enable
TTLS for this specific user since you also obviously need to enable
the inner protocol used inside the tunnel...
Maybe something like if EAP-TYPE isn't EAP-TTLS and FreeRadius-Proxied-To
is not set for user_ttls,t then reject as a first rule and as a second rule
something like if FreeRadius-Proxied-To is set and AuthType isn't PAP then
reject. And similar rules for user_peap.
Regards,
Stefan
More information about the Freeradius-Users
mailing list