Essen, Hartwig von wrote:
> Due to a limitation also described in 2006 by Matt Brown
> http://www.mattb.net.nz/blog/2006/09/22/requiring-client-certificates-for-eap-ttls-with-freeradius/

I don't think that patch was necessary even at the time. That functionality was in the server over a year earlier.

> we are not able to use
> - mutual certificate authentication between the server and the client in
> EAP-TTLS
> - in combination with a second factor using inner authentication eg.
> EAP-OTP/MSCHAP etc...
> According to a suggestion by Matt Brown (link above) a slight change
> would correct this.

Or, do:

    authorize {
        ...
        if (User-Name == "foo") {
            update control {
                EAP-TLS-Require-Client-Cert = Yes
            }
        }
        ...
        eap
        ...
    }

Alan DeKok.