need help - force EAP-TTLS to validate the server certificate
aland at deployingradius.com
Thu Sep 16 09:54:28 CEST 2010
Klaus Laus wrote:
> Thanks a lot Alan DeKok, do I have any possibility to permit login only persons with username/password and client certificate?
> All authentications methods works fine on my server, but I´ll only permit login with username/password and client certificate. Which code I need to set in users/eap.conf ?
> TLS works fine on my server and the users can login themselves with the client certificate, but I don´t want allow login without username/password, also I don´t want allow logins with username and password but without client certificates.
Put this into the "users" file:
DEFAULT EAP-TLS-Require-Client-Cert = yes
This will require client certificates for *all* EAP methods. If you
want it to be more specific, see "man unlang" for writing general policies.
More information about the Freeradius-Users