Definite Auth-Type via SQL-DB

dump at dump at
Mon May 2 21:00:36 CEST 2016

Dear list.

I'm using freeradius 2.2.5 on Debian-Jessie.

I would like to limit the accepted authentication types to TTLS-PAP, as
I'm using SHA1-PWs stored in a MySQL-DB. As described on

using `Auth-Type' in sites-available/inner-tunnel or default to
generally reject mschap and chap is not recommended. Instead an entry in
the users file (or radcheck table) should be used.

The problem is for me, that the example describes the acception of
MSCHAP only, but I didn't succeed in adapting it for accepting PAP only.

How is this possible to reject any authentication attempt except PAP?

For advanced: How generally switch of PEAP?

Many thanks in advance
and best regards


More information about the Freeradius-Users mailing list