PEAP/TTLS and Client certificates

Alan DeKok aland at
Sat Dec 4 11:08:14 CET 2010

rdeboer wrote:
> I already enabled said option, the only problem is that this doesn't enforce
> the use of PEAP with a client certificate, as the TLS module is enabled and
> configured, it allows you to log in with just a client certificate using
> TLS.  What I want is to enforce the use of not just TLS but PEAP with a
> client cert.

  The solution is to disable EAP-TLS by disallowing it.  In the "users"
file, do:

DEFAULT	EAP-Type == EAP-Type-TLS, Auth-Type := Reject

  Alan DeKok.

More information about the Freeradius-Users mailing list