Alan DeKok wrote:
Sergio Yébenes Moreno wrote:
Using freeradius with EAP-TLS, the CommonName field of the client
certificate contains this: "pepe"
If my file raddb/users contains this: "pepe123" Auth-Type := EAP
Radius sends an Access-Accept and it shouldn't.
(1) EAP-TLS authenticates users based on client certificates. If you
don't want a user to be authenticated, don't issue them a client
certificate. Or, revoke their client certificate.
(2) The configuration you posted disagrees with itself. Are you
configuring something for "pepe", or "pepe123" ?
(3) The configuration you posted does nothing other than request EAP
authentication... which is already done for EAP-TLS.
(4) Nothing in what you posted indicates that the server should reject
anyone.
i.e. You have NOT configured the server to reject any users. As a
result, it does not reject anyone.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks, it's really easy to understand. Do you know if freeradius can
make OCSP requests? hahaha
In
/freeradius-server-2.0.5/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
they mention the OCSP protocol but in eap.conf there is nothing about this!!
Thanks again
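An added example, not part of the original thread: a fragment of the `tls` section of eap.conf showing the default next to settings that make the server reject the case discussed above (certificate CN "pepe", User-Name "pepe123") and reject revoked certificates. The directives `check_cert_cn`, `check_crl` and `CA_path` are assumed from the stock eap.conf rather than taken from the posts, and the path is a placeholder.

```conf
# raddb/eap.conf, tls sub-section of eap { } (fragment; other settings omitted)
tls {
	# Default (directive commented out): any certificate that chains to
	# the trusted CA is accepted, whatever User-Name the client sent.
	# check_cert_cn = %{User-Name}

	# Hardened: reject when the certificate CN differs from the User-Name
	# in the request, e.g. CN "pepe" presented with User-Name "pepe123".
	check_cert_cn = %{User-Name}

	# Reject revoked certificates. CA certificates and CRLs are looked up
	# in CA_path, which must be hashed with c_rehash.
	# Placeholder path below; use the directory for your CA.
	check_crl = yes
	CA_path = /path/to/ca_certs_and_crls
}
```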