Due to a limitation also described in 2006 by Matt Brown http://www.mattb.net.nz/blog/2006/09/22/requiring-client-certificates-fo r-eap-ttls-with-freeradius/ we are not able to use - mutual certificate authentication between the server and the client in EAP-TTLS - in combination with a second factor using inner authentication eg. EAP-OTP/MSCHAP etc... According to a suggestion by Matt Brown (link above) a slight change would correct this. Was this suggestion ever communicated to the freeradius project ? We also plan to use the described combination and would prefer, when that slight change could be integrated rather than doing a patch.
Hartwig ve - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html