Restrict authentication types per user

Alan DeKok aland at deployingradius.com
Wed Apr 20 15:03:35 CEST 2016


On Apr 20, 2016, at 5:18 AM, yolanda3000 at freenet.de wrote:
> 
> I want to test a supplicant. I'm looking for a way to restrict the
> allowed authentication types per user. Only one special
> authentication type per user. I know that it is a stupid
> thing to do, but I need it for testing.

  The best way is to force a reject if any other authentication method is used.  You can't really force one method, because the client can NAK any method you choose, and pick another one.

authorize {
	...
	eap
	if ((User-Name == "user1") && (EAP-Type != EAP-TLS)) {
		reject
	}
	...
}

  Alan DeKok.




More information about the Freeradius-Users mailing list