[EMAIL PROTECTED] wrote: > Do you mean that's impossible to forbids someone to log in > if he holds a valid certificate ?
No. > If authorize don't set EAP, > EAP will not be called in authenticate. Yes. > That's exactly what I want, I want sql to authorize and > EAP to authenticate. > > Am I completely wrong ? You obviously didnt' read any of my earlier messages. I said you didn't have to set Auth-Type to EAP. The EAP module will do it for you. Now, if you want to set Auth-Type to EAP, that's fine for you. But as you found out, doing it that way means that when users do NOT use EAP, they will NEVER be authenticated. > > Which is wrong. Why are you still setting Auth-Type to EAP? > > Because I want to have some users to use EAP and some > not. But both providing me valid certs with EAP-TLS. I'm at a loss for what you're trying to do. You allow some users to use EAP-TLS, and then complain that you don't want them to use EAP? Why not just disallow EAP for the users who aren't allowed to use EAP, or force those users to use System authentication? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
