Essen, Hartwig von wrote:
> Due to a limitation also described in 2006 by Matt Brown
> http://www.mattb.net.nz/blog/2006/09/22/requiring-client-certificates-for-eap-ttls-with-freeradius/
I don't think that patch was necessary even at the time. That
functionality was in the server over a year earlier.
> we are not able to use
> - mutual certificate authentication between the server and the client in EAP-TTLS
> - in combination with a second factor using inner authentication, e.g. EAP-OTP/MSCHAP etc.
> According to a suggestion by Matt Brown (link above) a slight change
> would correct this.
Or, do:

    authorize {
        ...
        if (User-Name == "foo") {
            update control {
                EAP-TLS-Require-Client-Cert = Yes
            }
        }
        ...
        eap
        ...
    }

Alan DeKok.