Klaus Laus wrote: > Thanks a lot Alan DeKok, do I have any possibility to permit login only > persons with username/password and client certificate? > All authentications methods works fine on my server, but I´ll only permit > login with username/password and client certificate. Which code I need to set > in users/eap.conf ? > TLS works fine on my server and the users can login themselves with the > client certificate, but I don´t want allow login without username/password, > also I don´t want allow logins with username and password but without client > certificates.
Put this into the "users" file: DEFAULT EAP-TLS-Require-Client-Cert = yes This will require client certificates for *all* EAP methods. If you want it to be more specific, see "man unlang" for writing general policies. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html