Phil Mayers wrote: > Except if you're using plain EAP-TLS where there's no inner tunnel IIRC?
Yes. > I have wondered where it might be sensible to fake a PAP request with > the certificate details for EAP-TLS. This would provide (I think) quite > a good way for people to do certificate checking and logging etc. It's not a bad idea. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html