rdeboer wrote: > I already enabled said option, the only problem is that this doesn't enforce > the use of PEAP with a client certificate, as the TLS module is enabled and > configured, it allows you to log in with just a client certificate using > TLS. What I want is to enforce the use of not just TLS but PEAP with a > client cert.
The solution is to disable EAP-TLS by disallowing it. In the "users" file, do: DEFAULT EAP-Type == EAP-Type-TLS, Auth-Type := Reject Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html