Hi, > One thing I'd like to achive in the "EDUROAM"-responsible RADIUS > "router" (server) is to make sure that *only* EAP-TTLS requests are > forwarded to the RADIUS server doing the real user authentication.
the inner, or the whole request? if only the inner, then please note that this will break new EAP RFCs > Ie, I would like to make sure that it will reject requests that > come in from the outside with user+password stuff sent in cleartext. > > (And also make sure itself won't send out such requests). ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ visitors to your site might be using any type of EAP - thats down to their home site...so you'll have to let all EAP out..once again, as previous answer, in plain user/auth, there are many fields missing... but what kit at your site would even be attempting a plain user/pass login? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
