Enforcing use of Eap-TLS or PEAP

Alan DeKok aland at deployingradius.com
Mon Dec 24 14:06:27 CET 2012


Kamil Jońca wrote:
> I try to set up radius authentication in my WiFi network.
> I want to have:
> 1. one user (samsung phone) should be authenticated with PEAP 
> 2. others should be authenticated with EAP-TLS.

  Give user (1) a password.  Give each of the other users a client
certificate.

   Done.

> Naive approach is to use Auth-Type but its treated as "misuse" at
> http://deployingradius.com/documents/configuration/auth_type.html
> But example is only for ms-chap, and I don't know which attribute(?)
> use to force PEAP /EAP-TLS
> 
> Any help? Am I missing something?

  You're making it too complicated.  There's no need to "force"
anything.  Just configure the users, and it will work.

  If you don't give the users from (2) any passwords, PEAP won't work
for them.  If you don't give users from (1) any client certificates,
EAP-TLS won't work for them.

  It's that simple.

  Alan DeKok.


More information about the Freeradius-Users mailing list