Thank you very much. :-)
I simply need a way to "turn off" certificates. Is there a possibility to
reject single certificates? 
I would like to provide a file containing a list of certs to deny. Is that
possible?
--Manuel


> No, the only thing that check_cert_cn does is make sure that the CN in 
> the certificate matches the User-Name attribute in the RADIUS request. 
> It's basically just a sanity/security check on the request itself.  It 
> does *not* go looking on other autz sources for you.  It is up to you to 
> decide elsewhere (users file, SQL DB, LDAP) whether or not to allow that 
> user to authenticate.  If you do nothing, the user will be allowed to 
> authenticate by default.  If, for some reason, you decide you don't want 
> a user to be allowed to authenticate, you must specifically reject him.
> 
> --Mike
> 
> -----------------------------------
> Michael Griego
> Wireless LAN Project Manager
> The University of Texas at Dallas
> 
> 
> 
> Manuel Schmitz wrote:
> > Hello,
> > 
> > as far as I have understood, the "check_cert_cn" switch in raddb/eap.conf
> > forces the certificate's Common Name to be in the raddb/users file.
> > Otherwise the request will be rejected.
> > 
> > Now I've commented out the whole raddb/users file but the radius doesn't
> > reject any request.
> > 
> > I am running a WLAN with EAP-TLS authentication and need to "switch off"
> > single certificates.
> > 
> > --Manuel Schmitz
> > 
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 

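One way to do what Mike describes (explicitly rejecting specific users in the users file), driven from a deny-list file as Manuel asks. This is an added example, not part of the original thread and not FreeRADIUS project code. It assumes `check_cert_cn = %{User-Name}` is set in eap.conf; the function names, sample CNs and Reply-Message text are made up for illustration.

```shell
#!/bin/sh
# Added example (not FreeRADIUS project code).
# Reads a deny list of certificate CNs on stdin, one per line, and prints
# raddb/users entries that reject those names. Assumption: eap.conf sets
# check_cert_cn = %{User-Name}, so User-Name always equals the cert CN.

deny_to_users() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip comments and surrounding whitespace.
        cn=$(printf '%s\n' "$line" |
            sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        [ -z "$cn" ] && continue
        case $cn in
            # DEFAULT is the users-file catch-all: such an entry would
            # reject everyone. Names needing quoting are refused too.
            DEFAULT*|*[!A-Za-z0-9._@-]*)
                echo "skipped unsafe entry: $cn" >&2
                rc=1
                continue ;;
        esac
        # First line: check item that rejects the user; second: reply item.
        printf '%s\tAuth-Type := Reject\n' "$cn"
        printf '\tReply-Message = "Certificate disabled"\n\n'
    done
    return "$rc"
}

# Constructed sample deny list (hypothetical CNs).
sample_deny_list() {
    cat <<'EOF'
# certificates to switch off
alice
bob.laptop   # reported lost
EOF
}

sample_deny_list | deny_to_users || echo "some entries were skipped" >&2
```

The generated entries belong ahead of any other raddb/users entry that could match the same name, so that the reject is the entry that applies.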