Wolfgang Burger wrote:
> Well, there is another Radius-Server (DRAS, running under VMS,
> controlled by someone else) where all the users are listed.
> I just thought it would be very nice to check for a username/password, to
> make sure that no one gives away his certificate in any way.

Then use EAP-TTLS instead of EAP-TLS. You can then proxy the internal username/password information. With EAP-TLS, there is no username or password, so you can't proxy anything.

> And, and this is more important, it is possible that someone is blocked
> on the other server but still has a valid certificate.
> By proxying the request, that user would be blocked.
> Any other idea how to do this?

Revoke the client certificate.

Alan DeKok.
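
Revoking a client certificate, as advised in the reply above, only blocks the user when the server validating the certificate checks a current CRL. The following is an added example, not part of the original thread: it builds a throwaway OpenSSL CA in a temporary directory (all names, subjects and file names are constructed) and shows the same client certificate being accepted before revocation and rejected after.

```shell
# Added example: throwaway CA in a temp directory; every name is constructed.
q() { "$@" >/dev/null 2>&1; }   # run a command quietly, keep its exit status

demo_init() {        # create the CA, issue one client cert, publish an empty CRL
    DEMO_DIR=$(mktemp -d) && cd "$DEMO_DIR" || return 1
    mkdir newcerts && : > index.txt && echo 01 > serial && echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
policy = pol
[ pol ]
commonName = supplied
EOF
    q openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Root CA" -keyout ca.key -out ca.pem &&
    q openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=demo-user" -keyout client.key -out client.csr &&
    q openssl ca -config ca.cnf -batch -notext -days 30 -in client.csr -out client.pem &&
    q openssl ca -config ca.cnf -gencrl -crldays 7 -out crl.pem
}
revoke_client() {    # mark the cert revoked in the CA database, then reissue the CRL
    q openssl ca -config ca.cnf -revoke client.pem &&
    q openssl ca -config ca.cnf -gencrl -crldays 7 -out crl.pem
}
client_accepted() {  # the decision a CRL-checking server makes about the cert
    q openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem client.pem
}

demo_init || exit 1
client_accepted && echo "before revocation: accepted"
revoke_client || exit 1
client_accepted || echo "after revocation: rejected"
```

In FreeRADIUS, CRL checking for EAP-TLS is enabled with `check_crl = yes` in the EAP `tls` configuration, and the regenerated CRL has to be made available to the server after each revocation.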

