Restrict authentication types per user
Alan DeKok
aland at deployingradius.com
Wed Apr 20 15:03:35 CEST 2016
On Apr 20, 2016, at 5:18 AM, yolanda3000 at freenet.de wrote:
>
> I want to test a supplicant. I'm looking for a way to restrict the
> allowed authentication types per user. Only one special
> authentication type per user. I know that it is a stupid
> thing to do, but I need it for testing.
The best way is to force a reject if any other authentication method is used. You can't really force one method, because the client can NAK any method you choose, and pick another one.
authorize {
...
eap
if ((User-Name == "user1") && (EAP-Type != EAP-TLS)) {
reject
}
...
}
Alan DeKok.
More information about the Freeradius-Users
mailing list