need help - force EAP-TTLS to validate the server certificate

Alan DeKok aland at
Thu Sep 16 09:54:28 CEST 2010

Klaus Laus wrote:
> Thanks a lot Alan DeKok, do I have any possibility to permit login only persons with username/password and client certificate?
> All authentications methods works fine on my server, but I´ll only permit login with username/password and client certificate. Which code I need to set in users/eap.conf ? 
> TLS works fine on my server and the users can login themselves with the client certificate, but I don´t want allow login without username/password, also I don´t want allow logins with username and password but without client certificates.

  Put this into the "users" file:

DEFAULT	EAP-TLS-Require-Client-Cert = yes

  This will require client certificates for *all* EAP methods.  If you
want it to be more specific, see "man unlang" for writing general policies.

  Alan DeKok.

More information about the Freeradius-Users mailing list