On Sun, Sep 14, 2003 at 02:46:28PM -0400, Alan DeKok wrote:
> [EMAIL PROTECTED] wrote:
>
> You obviously didnt' read any of my earlier messages. I said you
> didn't have to set Auth-Type to EAP. The EAP module will do it for
> you.
ok, it'll do it only if I use EAP in authorize, which I don't want.
>
> Now, if you want to set Auth-Type to EAP, that's fine for you. But
> as you found out, doing it that way means that when users do NOT use
> EAP, they will NEVER be authenticated.
>
> > > Which is wrong. Why are you still setting Auth-Type to EAP?
> >
> > Because I want to have some users to use EAP and some
> > not. But both providing me valid certs with EAP-TLS.
>
> I'm at a loss for what you're trying to do. You allow some users to
> use EAP-TLS, and then complain that you don't want them to use EAP?
yep, I want to disable user as easy as changing there group.
To permit the re-opening of their access, if it's necessary.
I want to be able to not permanently close an access to someone
holding a valid certificate.
> Why not just disallow EAP for the users who aren't allowed to use EAP,
> or force those users to use System authentication?
That's what I wanted to do but wasn't able to set up.
''
What I want to do is just use the db to select what
Auth-Type the user will use in authenticate.
''
And the problem was only the users file:
DEFAULT Auth-Type := System
Which was wrong, should be '='.
Thanks you for your time ;)
--
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
