Esteban TALAVERA wrote:
> My freeradius + MySQL + EAP_TLS is working, but I have a problem.
>
> I assumed that without an entry in MySQL database, the client can not
> authenticate,

  That's not how EAP-TLS works.

> but I forgot to create one user's database entry and the
> laptop was able to join the network.
>
> It is possible a client authentication without a database entry, just
> with the certificates

  That's how EAP-TLS works.

  If you want to reject the user, configure the server to look up the
username in the DB, and reject if they're not found.

  Or, use TLS as it was intended to be used: revoke the client
certificate.

  Alan DeKok.
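Both suggestions from the reply above, sketched as FreeRADIUS configuration. This is an added example, not part of the original thread. It assumes a stock `authorize` section, an SQL module instance named `sql`, and the EAP module's `tls` settings block; file names and block layout differ between FreeRADIUS versions. The `check_cert_cn` line rests on the further assumption that the certificate CN is meant to equal the username stored in the database, since the identity looked up in SQL is the one the client sends, not one read from the certificate.

```conf
# --- Virtual server (for example sites-enabled/default) ---
# Only the modules relevant here are shown; keep the rest of your
# existing authorize section as it is.
authorize {
    preprocess

    # Look up User-Name in the SQL tables.
    sql

    # The sql module returns "notfound" when the user has no entry.
    # Reject here, so that a valid certificate alone is not enough.
    if (notfound) {
        reject
    }

    eap {
        ok = return
    }
}

# --- EAP module configuration, TLS settings block ---
# Only the settings relevant here are shown; keep your existing
# certificate, key and CA settings.
tls {
    # Refuse client certificates that appear on the CA's CRL.
    # The CA certificate and CRL must both be in CA_path, and the
    # directory must be hashed (c_rehash) after every CRL update.
    check_crl = yes
    CA_path = ${cadir}

    # Assumption: certificate CN == database username. Without this
    # binding, a certificate holder can present any identity that
    # happens to exist in the database.
    check_cert_cn = %{User-Name}
}
```

After issuing a new CRL, restart the server and confirm in debug mode (`radiusd -X`) that a revoked certificate and an unknown username are each rejected.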