It is easier for me to put explicit denies in the users file when authenticating with TLS. By default, anyone with a valid cert gets in. See also certificate revocation list.

>>> Andrew Bovill <[email protected]> 11/30/10 7:56 AM >>>
Hi,

I'm trying to get WPA Enterprise EAP/TLS working with my wireless router. It appears that the TLS portion of the authentication works (valid certificates give me a working connection) but it does NOT appear to actually be checking the username/password combination that is also sent along the line.

I have followed the WPA_HOWTO as best I could (my clients are OS X and Android and Gentoo, not Windows XP) but I can't figure out how to 'fail' an auth attempt with an invalid user/pass combination.

Here is the debug output:

Thanks for any advice. I didn't want to start reconfiguring with a shotgun :)

<snip>

