Thank you for your answers, Mike. > Manuel Schmitz wrote: > > Can I re-enable certs as well (with CRLs)? > > It *can* be done, but it's generally not advised. If you need to > temporarily disable a client, then the more appropriate way would be an > explicit deny for that username in the users file and make sure > check_cert_cn is enabled. >
How can I do exactly that. PEAP with additional username-check in raddb/users ??? check_cert_cn is already working properly according to my log. :-) --Manuel -- SMS bei wichtigen e-mails und Ihre Gedanken sind frei ... Alle Infos zur SMS-Benachrichtigung: http://www.gmx.net/de/go/sms - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html