I'm using WPA2-EAP-TLS to verify certificates, and matching certificates to accounts in LDAP to verify accounts are in good standing.

This morning around 7AM local time I blocked an offending user from the Wi-Fi network by adding their account to the disabled-users group in the LDAP directory. I got no entries in my log specifying "Login incorrect" for the offending host until approximately 7PM. The client was able to connect and continue to access the network successfully the entire time. I also effectively kicked the user at the access point after setting the account to disabled. For over 12 hours the user account was able to continue to connect unhindered. Is there a setting in FreeRADIUS that would allow me to limit this time period, or is it a setting in my access point I would need to set? If no clear answer is available, I can attempt to determine an answer experimentally, but I'd prefer to have an absolute answer from someone knowledgeable.