disable available EAP types for certain caller-id?

Alan DeKok aland at deployingradius.com
Thu Jan 7 15:28:34 CET 2021

On Jan 7, 2021, at 8:24 AM, Kacper Wirski <kacper.wirski at gmail.com> wrote:
> I'd like to limit EAP types available depending on called-station-id (ip addresses only for EAP-TLS.
> Would something like this - in general - in my "default" site work?
> Maybe there is a better way to achieve the same thing? Overall I want to use other EAP-types, so I can't just comment them out in eap module, but I'd like to filter them for specific connections.

  If you need to filter EAP types for certain connections, then "unlang" if / then / else rules is the best way.

> I'm using latest stable Freeradius (3.0.21)
> authorize {
> ...
>     if (&Called-Station-Id == "<my-public-ip>" &&   &EAP-Type != EAP-TLS) {
>             reject

  That should work.

  Alan DeKok.

More information about the Freeradius-Users mailing list