rdeboer wrote:
> I already enabled said option, the only problem is that this doesn't enforce
> the use of PEAP with a client certificate, as the TLS module is enabled and
> configured, it allows you to log in with just a client certificate using
> TLS.  What I want is to enforce the use of not just TLS but PEAP with a
> client cert.

  The solution is to disable EAP-TLS by disallowing it.  In the "users"
file, do:

DEFAULT EAP-Type == EAP-Type-TLS, Auth-Type := Reject

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to