EAP-TLS reject if CN not in MySQL

Ben Dowling bendowling at lineone.net
Tue Sep 27 20:19:08 CEST 2005


Sorry, I was referring to the username; the CN in the certificate gets
sent as the username. My problem is how to reject users with valid
certificates, but no entry in the database?

Cheers, Ben

On Tue, 2005-09-27 at 14:01 -0400, Alan DeKok wrote:
> Ben Dowling <bendowling at lineone.net> wrote:
> > I still haven't figured this one out, and would really appreciate some 
> > help. I've tried playing around with the DEFAULT profile in the users 
> > file, giving it Auth-Type: Reject, but certificates with CN not in the 
> database are still authenticated. How do I get FreeRADIUS to check for
> the username in MySQL with EAP-TLS?
> 
>   I don't recall if you can get at the CN from the certificate.  Maybe
> try keying off of the User-Name?
> 
>   Alan DeKok.
> 



