--- On Thu, 10/22/09, Vieri <[email protected]> wrote:
> From: Vieri <[email protected]>
> Subject: Re: PEAP + EAP-TLS: client certificates
> To: [email protected]
> Date: Thursday, October 22, 2009, 9:05 AM
>
> --- On Thu, 10/22/09, Ivan Kalik <[email protected]> wrote:
>
> > > If I install a self-signed certificate on another Windows client and
> > > connect via EAP-TLS then I can connect without having to use an Active
> > > Directory user, as expected.
> > >
> > > I'm wondering if I can *require* both a certificate on the client machine
> > > AND an AD user authentication. In other words, how can I *require*
> > > PEAP-EAP-TLS? (currently, my freeradius configuration seems to require
> > > PEAP OR EAP-TLS)
> > >
> > > Freeradius version: 2.0.5
> >
> > Don't know about that version. It should say how to require certificates
> > for peap in eap.conf above peap section.
>
> Is this the option?
> EAP-TLS-Require-Client-Cert = Yes

I'm not sure where I should place it. If in eap.conf I have:

peap {
    ...
    virtual_server = "inner-tunnel"
}

then maybe I should edit sites-available/inner-tunnel and add:

server inner-tunnel {
    ...
    authorize {
        ...
        update control {
            ...
            EAP-TLS-Require-Client-Cert = Yes
        }
    }
}

Is this correct?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

