EAP-TTLS/EAP-PEAP Certificats

Phil Mayers p.mayers at imperial.ac.uk
Thu Dec 15 16:00:36 CET 2011


On 15/12/11 14:29, Vincent Guardiola wrote:
> Hi all,
>
> I have just one question about client certificats with EAP-TTLS or EAP-PEAP.
>
> I would like use certificats client with authentication MSCHAPv2 it's
> possible ?

Yes. This is documented in the "eap.conf":

#  You can make PEAP require a client cert by setting
#
#       EAP-TLS-Require-Client-Cert = Yes
#
#  in the control items for a request.

In the *outer* tunnel, do this:

authorize {
  ...
  update control {
   EAP-TLS-Require-Client-Cert = Yes
  }
  ...
  eap
}

I know it says EAP-TLS; ignore that. It will make the PEAP client send a 
client cert.



More information about the Freeradius-Users mailing list