Do you have any debugging output to show for when it should allow the
user and when it shouldn't allow the user?
--Mike
On Fri, 2004-06-18 at 05:34, pouet wrote:
> Hi,
> I try to use the "check_cert_cn = %{User-Name}" option in the tls
> section of eap.conf. It's not working and still the user's certificate
> is ok, freeradius accept him whatever he typed in the User-Name field
> who is responded after an eap-request-ID message. Is there here someone
> who is using this option with more luck? My goal is to give differents
> privilege to users in function of their CN (now it is CN, but DN or mail
> adress are possible alternative?), for this freeradius must match a user
> name in the users file and to make impossible for a trusted user (who
> own a good certificate for the network) to use privilege of another
> user, I must use this option. Tell me if i'm wrong on this.
> I have searched but only found an old patch (didn't try it) from Michael
> Griego on Nov2003 and an unanswered message from Anthony Lopez on May
> 2004. Any clue?
> thanks
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
