Hello,
the problem is this.
Not all the people having a certificate should authenticate on my WiFi
infrastructure.
These certificates are for general purpose, so also for EAP-TLS,
but some users in my case should not be authenticated.
To select which are the users to be authenticated and which are not,
I wanted to use LDAP properties. If a user is in the LDAP directory
it should pass, if it is not, it should be refused, but at the end, I am
unable to do it.
So my question now is: can I use the OU field to select if the user is
valid or not?
How can I tell freeradius to reject users who have an X509 certificate
with an OU different from a certain value?
Thanks
Rick
Alan DeKok wrote:
> Riccardo Veraldi wrote:
>> but still authentication is successful using EAP-TLS even if user is not
>> in LDAP Directory.
>> any hints ?
>
> That's how EAP-TLS works. If you issued them a certificate, it means
> that they are authenticated.
>
> If you don't want to authenticate them, I'm curious why you issued
> them a certificate.
>
> But if you still want to reject them... you can. Just put them into
> an LDAP group, and reject everyone in that LDAP group.
>
> Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
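
Added example (not part of the original messages and not FreeRADIUS code): the OU decision asked about above, written as a stand-alone Python check, with a substring match beside a per-component match. It assumes the certificate subject is available as an OpenSSL-style one-line string (/C=../OU=../CN=..); the function names, the "WiFi" OU and the sample subjects are constructed for illustration.

```python
import re

# In the one-line subject form a component starts at "/" + attribute type + "=".
_COMPONENT = re.compile(r"/([A-Za-z][A-Za-z0-9.]*)=")


def parse_subject(subject):
    """Split '/C=IT/OU=WiFi/CN=alice' into [('C', 'IT'), ('OU', 'WiFi'), ...]."""
    parts = _COMPONENT.split(subject)
    if parts[0] != "" or len(parts) < 3:
        raise ValueError("not a one-line subject: %r" % subject)
    return list(zip(parts[1::2], parts[2::2]))


def naive_ou_check(subject, ou):
    """Weak form: substring match on the whole subject string."""
    return ("OU=" + ou) in subject


def ou_allowed(subject, allowed_ous):
    """Hardened form: deny unless at least one OU is present and every OU
    component is exactly one of the allowed values (deny by default)."""
    try:
        components = parse_subject(subject)
    except ValueError:
        return False
    ous = [value for attr, value in components if attr.upper() == "OU"]
    return bool(ous) and all(value in allowed_ous for value in ous)


# Constructed sample subjects (hypothetical names, not from the thread).
SAMPLES = [
    "/C=IT/O=Example Org/OU=WiFi/CN=alice",         # intended WiFi user
    "/C=IT/O=Example Org/OU=WiFi-Guests/CN=bob",    # different OU, same prefix
    "/C=IT/O=Example Org/OU=Mail/CN=OU=WiFi",       # OU text inside the CN value
    "/C=IT/O=Example Org/CN=carol",                 # no OU at all
    "/C=IT/OU=Guests/CN=dave/OU=WiFi",              # mixed OUs: treated as not allowed
]


def compare(allowed="WiFi"):
    """Return (subject, naive_result, strict_result) for each sample."""
    return [(s, naive_ou_check(s, allowed), ou_allowed(s, {allowed}))
            for s in SAMPLES]


if __name__ == "__main__":
    for subject, naive, strict in compare():
        print("%-50s naive=%-5s strict=%s" % (subject, naive, strict))
```

Only the first sample passes the per-component check, while the substring match also accepts the second, third and fifth.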