Disable PEAP-TLS but allow PEAP

Alan DeKok aland at deployingradius.com
Tue Aug 14 17:09:54 CEST 2012

Cotton, Jesse wrote:
> We need to use a public certificate for PEAP b/c the majority of our
> clients are not on our domain. However I do not want to allow EAP-TLS
> with any cert signed by the 3^rd party CA. Is it possible to prevent
> PEAP-TLS with a cert but allow PEAP? If so, what config options do I
> need to add and where?

  You need to read raddb/sites-available/inner-tunnel.  You should look
for EAP-TLS in the inner tunnel, and reject it.

  Alan DeKok.

More information about the Freeradius-Users mailing list