EAP-TLS reject if CN not in MySQL
Jonathan De Graeve
Jonathan.De.Graeve at imelda.be
Wed Sep 28 09:22:40 CEST 2005
In Doc:
imply a group that changes the default ACTIONs to something like
fail = 1
everythingelse = return
Tried in config:
everythingelse = return
radiusd.conf[1637] Unknown module rcode 'everythingelse'.
Also tried:
everything_else = return
radiusd.conf[1637] Unknown module rcode 'everything_else'.
Any ideas?
--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
jonathan.de.graeve at imelda.be
---------
Always read the manual for the correct way to do things because the
number of incorrect ways to do things is almost infinite
---------
-----Oorspronkelijk bericht-----
Van: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] Namens Ben
Dowling
Verzonden: dinsdag 27 september 2005 22:42
Aan: FreeRadius users mailing list
Onderwerp: Re: EAP-TLS reject if CN not in MySQL
Brilliant, that does the trick.
Thanks a lot, Ben
On Tue, 2005-09-27 at 16:05 -0400, Alan DeKok wrote:
> Ben Dowling <bendowling at lineone.net> wrote:
> > Sorry I was referring to the username, the CN in the certificate
gets
> > sent as the username. My problem is how to reject users with valid
> > certificates, but no entry in the database?
>
> doc/configurable_failover
>
> configure a module "always reject" (see radiusd.conf)
>
> In "authorize", do:
>
> ...
> group {
> sql {
> notfound = 1
> ok = return
> fail = return
> everything_else = return
> }
> reject
> }
>
> That says "if the user isn't found in SQL, reject"
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list