Restrict authentication types per user

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Apr 20 15:21:11 CEST 2016


Hi,

>   The best way is to force a reject if any other authentication method is used.  You can't really force one method, because the client can NAK any method you choose, and pick another one.


reject is fail....and client would just try again....and again.... what you want to do,
its for a particular user, NAK that EAP type so the client DOES try another one...

which means.....you need to use different inner-tunnels, with different available EAP
types available in each, for each type/class of user....

alan


More information about the Freeradius-Users mailing list