disable available EAP types for certain caller-id?
Alan DeKok
aland at deployingradius.com
Thu Jan 7 15:28:34 CET 2021
On Jan 7, 2021, at 8:24 AM, Kacper Wirski <kacper.wirski at gmail.com> wrote:
> I'd like to limit EAP types available depending on called-station-id (ip addresses only for EAP-TLS.
>
> Would something like this - in general - in my "default" site work?
>
> Maybe there is a better way to achieve the same thing? Overall I want to use other EAP-types, so I can't just comment them out in eap module, but I'd like to filter them for specific connections.
If you need to filter EAP types for certain connections, then "unlang" if / then / else rules is the best way.
> I'm using latest stable Freeradius (3.0.21)
>
> authorize {
> ...
> if (&Called-Station-Id == "<my-public-ip>" && &EAP-Type != EAP-TLS) {
> reject
That should work.
Alan DeKok.
More information about the Freeradius-Users
mailing list