Enforcing use of Eap-TLS or PEAP

[Kamil Jońca]

I try to set up radius authentication in my WiFi network.
I want to have:
1. one user (samsung phone) should be authenticated with PEAP 
2. others should be authenticated with EAP-TLS.
Naive approach is to use Auth-Type but its treated as misuse at
http://deployingradius.com/documents/configuration/auth_type.html
But example is only for ms-chap, and I don't know which attribute(?)
use to force PEAP /EAP-TLS

Any help? Am I missing something?
KJ

-- 
http://blogdebart.pl/2009/12/22/mamy-chorych-dzieci/
QOTD:
It's been real and it's been fun, but it hasn't been real fun.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Enforcing use of Eap-TLS or PEAP

[Alan DeKok]

Kamil Jońca wrote:
 I try to set up radius authentication in my WiFi network.
 I want to have:
 1. one user (samsung phone) should be authenticated with PEAP 
 2. others should be authenticated with EAP-TLS.

  Give user (1) a password.  Give each of the other users a client
certificate.

   Done.

 Naive approach is to use Auth-Type but its treated as misuse at
 http://deployingradius.com/documents/configuration/auth_type.html
 But example is only for ms-chap, and I don't know which attribute(?)
 use to force PEAP /EAP-TLS
 
 Any help? Am I missing something?

  You're making it too complicated.  There's no need to force
anything.  Just configure the users, and it will work.

  If you don't give the users from (2) any passwords, PEAP won't work
for them.  If you don't give users from (1) any client certificates,
EAP-TLS won't work for them.

  It's that simple.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html