PEAP/TTLS and Client certificates
Alan DeKok
aland at deployingradius.com
Sat Dec 4 11:08:14 CET 2010
rdeboer wrote:
> I already enabled said option, the only problem is that this doesn't enforce
> the use of PEAP with a client certificate, as the TLS module is enabled and
> configured, it allows you to log in with just a client certificate using
> TLS. What I want is to enforce the use of not just TLS but PEAP with a
> client cert.
The solution is to disable EAP-TLS by disallowing it. In the "users"
file, do:
DEFAULT EAP-Type == EAP-Type-TLS, Auth-Type := Reject
Alan DeKok.
More information about the Freeradius-Users
mailing list