Reject EAP types in site config

Tue Jun 19 04:08:58 CEST 2012

Hello,

FreeRADIUS version: 2.1.10
OS: Alpine Linux

Trying to reject eap-types other than ttls in the authorize section of
the site config.  Have been assuming that EAP-Type is set when the eap
module is called (based off comment in the default site config).  What
I am finding is that the EAP-Type is set to "" at this point (see my
default site config below).

1. Is there something obvious I am missing here?
2. Is there a better location to do this check in the site config?
3. Is there another way to achieve my goal?

My configuration:

>From default site config authorize section:

        #  It also sets the EAP-Type attribute in the request
        #  attribute list to the EAP type from the packet.
        eap {
                ok = return
        }
        #Reject ttls.  Assuming that EAP-Type has been set based off
above comment
        if ("%{EAP-Type}" != 'EAP-TTLS') {
                Reject
        }

Thanks,
Joshua