problem to forcing TLS and reject PEAP
Mauro Screti
mauro.screti at poste.it
Wed Jun 24 15:23:50 CEST 2009
Hi all,
I need to authenticate on the wireless network only users that use EAP-TLS as
the method, and reject the same user if they try with PEAP.
I just use Huntgroup for filtering the users, but the same username can
be used on the wired network with PEAP and on the wireless network with TLS.
I inserted this configuration item in my users file:
DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == PEAP,
Auth-Type := Reject
DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == TLS
        Fall-Through = No
DEFAULT Ldap-Group == "user", Huntgroup-Name == user
        Fall-Through = No
The first DEFAULT should reject the request if the EAP type is PEAP,
while the second DEFAULT should accept the request only if the EAP type is
TLS .... I think :-))
But during the test I noticed that if I force wifi to PEAP, the request is
rejected by the second DEFAULT, and not by the first. This is the log:
Wed Jun 24 14:02:36 2009 : Debug: users: Matched entry DEFAULT at
line 3 ( line 3 is the second DEFAULT )
The reject is because it is not able to open TLS.
If I try with TLS the system accepts the request....
The question is.... Why doesn't the PEAP request match the first DEFAULT?
thanks for all help
mauro