Hi,

> what you are saying is that I should do something like this:
>
> user_ttls EAP-Type != PEAP
>
> that however only prohibits the usage of PEAP for user_ttls while I
> would like to only enable TTLS for this specific user (which is not
> quite the same).
Yes, however you said yourself that you do _not_ want to only enable TTLS for this specific user, since you also obviously need to enable the inner protocol used inside the tunnel...

Maybe something like: if EAP-TYPE isn't EAP-TTLS and FreeRadius-Proxied-To is not set for user_ttls, then reject as a first rule, and as a second rule something like: if FreeRadius-Proxied-To is set and AuthType isn't PAP, then reject. And similar rules for user_peap.

Regards,
Stefan