Peter Lesko plesko at
Fri Sep 23 21:20:29 CEST 2016

I'm having a similar issue to the one described here:

Currently, I can auth with just a signed cert, or just username/password

I would like to enforce both, but I have been unable to determine the
correct keywords/config after reading many forum posts, in addition to the
comments provided in the default configuration

I have attempted to add this config line to enforce signed certs in
EAP-TLS-Require-Client-Cert = yes

This causes freeradius not to start for me though, and I'm pretty certain I
have tried putting that in each block present in the file

As for requiring user/password auth, I have tried:

DEFAULT EAP-Type == EAP-Type-TLS, Auth-Type := Reject
Which causes freeradius to fail to load

DEFAULT EAP-Type == EAP-TLS, Auth-Type := Reject
Which still allows EAP-TLS only

DEFAULT EAP-Type != PEAP, Auth-Type := Reject
Which still allows EAP-TLS only as well

Please advise

Thanks in advance,

More information about the Freeradius-Users mailing list