Cotton, Jesse wrote: > We need to use a public certificate for PEAP b/c the majority of our > clients are not on our domain. However I do not want to allow EAP-TLS > with any cert signed by the 3^rd party CA. Is it possible to prevent > PEAP-TLS with a cert but allow PEAP? If so, what config options do I > need to add and where?
You need to read raddb/sites-available/inner-tunnel. You should look for EAP-TLS in the inner tunnel, and reject it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
