only accept PEAP-MSCHAPv2 with "EAP-TLS-Require-Client-Cert = Yes"
Alan DeKok
aland at deployingradius.com
Thu Jan 7 14:52:06 CET 2010
Vieri wrote:
> I setup freeradius to accept authentications using PEAP-MSCHAPv2 with client certificates via "EAP-TLS-Require-Client-Cert = Yes".
>
> However, clients who authenticate via EAP-TLS also succeed.
>
> How can I reject all auth types except PEAP-MSCHAPv2 with "EAP-TLS-Require-Client-Cert = Yes"?
> (ie. I require both client certificates and username/password.)
Put this in the "users" file:
DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject
Alan DeKok.
More information about the Freeradius-Users
mailing list