Hello, My understanding of Wireless 802.1x supports boils down to the AP passing the EAP authentication to the backend radius server after the initial EAPOL, but the actual EAP type used is up to the supplicant. I would like to use EAP-TLS for an SSID for wireless LAN access, and LEAP (no other choice :( ) for wireless phones. But if the SSIDs are configured on all APs, All APs point to a single FreeRadius Backend configured for TLS, LEAP and PEAP; how do I prevent a compromised LEAP account from being used to access the SSID supposedly secured by EAP-TLS?
Watching the logs with radiusd -X -A I do not see a field I can key off of to limit the EAP type allowed. Thanks, -Patrick. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
