Riccardo Veraldi wrote: > Not all the people having a certificate should authenticate on my WiFi > infrastructure. > These certificates are for general purpose, so also for EAP-TLS,
Then your PKI system is wrong. You should NOT issue certificates for multiple purposes. You should issue RADIUS (EAP-TLS) certificates ONLY to the people who are allowed to use EAP-TLS. > but some user in my case should not be authenticated. > To select which are the users to be authenticated and which are not, > I wanted to use LDAP properties. If a user is in the LDAP directory > it should pass, if it is not, it should be refused, but at the end, I am > unable to do it. Did you read my statement about using LDAP groups? Do you know what an LDAP group is? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
