concurrent TTLS and PEAP usage

Stefan.Neis at t-online.de Stefan.Neis at t-online.de
Wed Aug 31 14:58:08 CEST 2005


        Hi,

> what you are saying is that I should do something like this:
>   
> user_ttls	EAP-Type != PEAP
>   
> that however only prohibits the usage of PEAP for user_ttls while i 
> would like to only enable TTLS for this specific user (which is not 
> quite the same).

Yes, however you said yourself, that you do _not_ want to only enable
TTLS for this specific user since you also obviously need to enable
the inner protocol used inside the tunnel...
Maybe something like if EAP-TYPE isn't EAP-TTLS and FreeRadius-Proxied-To
is not set for user_ttls,t then reject as a first rule and as a second rule
something like if FreeRadius-Proxied-To is set and AuthType isn't PAP then
reject. And similar rules for user_peap.

        Regards,
	        Stefan	






More information about the Freeradius-Users mailing list