Am 04.08.2012 12:57, schrieb Matthew Newton:
On Sat, Aug 04, 2012 at 11:10:38AM +0200, Klaus Klein wrote:
Therefore I'm a bit puzzled that if no matching entry in users
is found that the authentication still takes place.
Try one of:
a) move files above eap in sites-enabled/default. This will mean
that the eap short-circuit won't skip files. It will also mean
that you hit files a lot more than before, which will have a
performance impact (the scale of which depends on the number of
auths, of course).
b) use 3.0, and set a virtual_server for tls. You can then run
files in that, and check attributes before accepting or
otherwise.
c) backport the tls virtual server patch to 2.x - it's pretty
simple.
Thanks for your suggestions. I guess I'll try them in the order a, c, b.
But maybe I should have been a bit more precise in my first email.
The final (first) productive installation should protect the access to my
private WLAN with 3+ APs and 10+ clients.
So the performance impact in suggestion a) will be limited. ;-)
Currently I have set up a test environment to try and learn and, as a side
effect to a more secure WLAN, a more detailed understanding of how (free)RADIUS
works.
Cheers,
Klaus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
