problem to forcing TLS and reject PEAP
Alan DeKok
aland at deployingradius.com
Wed Jun 24 20:35:10 CEST 2009
Mauro Screti wrote:
> I need to authenticate in wireless network only users that use eap-tls as
> method, and reject the same user that try in peap.
If you're using 2.x, stop editing the "users" file, or the "huntgroup"
file, and just write the policy in unlang. It will be clearer, and it
is more likely to work.
> DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == TLS
> Fall-Through = No
...
> The first DEFAULT should reject the request if the EAP-type is PEAP,
> while the second DEFAULT should accept only the request if the EAP is
> TLS .... I think :-))
No. The second request says "compare, and then do nothing".
Alan DeKok.