Sergio Yébenes Moreno wrote:
> using freeradius with EAP-TLS, the CommonName field of client
> certificate contains this: "pepe"
> If my file raddb/users contains this: "pepe123" Auth-Type := EAP
> Radius sends an Access-Accept and they shouldn't.

(1) EAP-TLS authenticates users based on client certificates. If you don't want a user to be authenticated, don't issue them a client certificate. Or, revoke their client certificate.

(2) The configuration you posted disagrees with itself. Are you configuring something for "pepe", or "pepe123"?

(3) The configuration you posted does nothing other than request EAP authentication... which is already done for EAP-TLS.

(4) Nothing in what you posted indicates that the server should reject anyone. i.e. You have NOT configured the server to reject any users. As a result, it does not reject anyone.

Alan DeKok.
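
The following configuration sketch is an added example, not part of the original message or of the FreeRADIUS distribution's defaults. It shows one way to make the server reject a session whose EAP identity does not match the certificate CommonName, and to reject identities that are not listed in `raddb/users`. It assumes the `tls` section of the EAP module configuration (`raddb/eap.conf` in older releases; the file location differs between versions) and reuses the user name "pepe" from the question.

```conf
# --- EAP module configuration, inside eap { ... } -------------------
tls {
        # (existing certificate and key settings stay as they are)

        # Expand the User-Name from the request and compare it with the
        # CommonName of the client certificate. If they differ,
        # certificate verification fails and the user is rejected.
        # A client holding the certificate for "pepe" can then no
        # longer authenticate under the identity "pepe123".
        check_cert_cn = %{User-Name}
}

# --- raddb/users -----------------------------------------------------
# Entries are matched against User-Name (the EAP identity), not
# against the certificate. The first matching entry wins unless
# Fall-Through is set, so the listed user is handled by EAP-TLS...
pepe    Auth-Type := EAP

# ...and every identity without an entry above is refused outright.
DEFAULT Auth-Type := Reject
```

Run the server in debug mode (`radiusd -X`) after the change and confirm that a request with a mismatched identity ends in Access-Reject.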

