hi Alan
hi Stefan


thanks for your help. I think I understand the idea. however my problems are on the implementation level.

two things are still not clear to me.

1. we use 'sql' and not 'files' (my fault I didn't mention it previously) and thus I don't see how I can add the line below to my user profile who already has things like User-Password ==..., etc. I tried adding user user_ttls into group TTLS and then using radgroupcheck like this:

radgroupcheck:
id      User            Attribute       op      Value   
2       user_ttls       EAP-Type        !=      TTLS
3       user_ttls       Auth-Type       :=      Reject

but then user_ttls gets rejected. how do I implement it with SQL?

2. we experimented with EAP-Type, but at least for PEAP as soon as we specify it somewhere in radcheck, PEAP breaks with a server error message saying that the client has sent a TLV rejecting the connection.

Alan: like Stefan proposed I also thought about something like FreeRadius-Proxied-To, because I think that your proposal might not work as soon as the internal method starts for the user. Or don't external methods use EAP-Type? (still I am not sure how to define "conditions" in sql tables: if EAP-Type not this value, then add Auth-Type=...)


ciao
artur


Alan DeKok wrote:
> Artur Hecker <[EMAIL PROTECTED]> wrote:
>
>> user_ttls       EAP-Type != PEAP
>>
>> that however only prohibits the usage of PEAP for user_ttls while I would like to only enable TTLS for this specific user (which is not quite the same).
>
> user_ttls   EAP-Type != TTLS, Auth-Type := Reject
>
>   See the dictionaries for EAP-Type names.
>
>   Alan DeKok.