[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Enforcing use of Eap-TLS or PEAP
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2012-12-24 13:06:27
Message-ID: 50D85353.4000801 () deployingradius ! com
[Download RAW message or body]

Kamil Jońca wrote:
> I try to set up radius authentication in my WiFi network.
> I want to have:
> 1. one user (samsung phone) should be authenticated with PEAP 
> 2. others should be authenticated with EAP-TLS.

  Give user (1) a password.  Give each of the other users a client
certificate.

   Done.

> Naive approach is to use Auth-Type but its treated as "misuse" at
> http://deployingradius.com/documents/configuration/auth_type.html
> But example is only for ms-chap, and I don't know which attribute(?)
> use to force PEAP /EAP-TLS
> 
> Any help? Am I missing something?

  You're making it too complicated.  There's no need to "force"
anything.  Just configure the users, and it will work.

  If you don't give the users from (2) any passwords, PEAP won't work
for them.  If you don't give users from (1) any client certificates,
EAP-TLS won't work for them.

  It's that simple.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]