Re: EAP-TLS - Authenticating only certain users

To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Subject: Re: EAP-TLS - Authenticating only certain users
From: "Stephen Bowman" <stephenbb@gmail.com>
Date: Sat, 17 Feb 2007 12:02:47 -0500
In-reply-to: <45D6BADE.3050100@deployingradius.com>
References: <bd2ef3760702161649h2d93d84ei10aaa99856e65d64@mail.gmail.com> <45D6BADE.3050100@deployingradius.com>
Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>

Ok, so I put a list of usernames in the users file with an Auth-Type := EAP ?

Right now, everyone with a valid client certificate is authenticated (nobody is listed in the users file). Once I start enumerating them in the users file, will it have an implicit deny all of everyone who isn't in the users file?

Also - is there a way to define a different users file per NAS?

On 2/17/07, Alan DeKok <aland@deployingradius.com > wrote:

Stephen Bowman wrote:
> When using EAP-TLS as the only method in freeradius, is there a way to
> define a list of allowed users, perhaps by the CN on their client
> certificate?

Or the User-Name attribute, which should be the same as the client CN.

  Alan DeKok.
--
   http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Follow-Ups:
- Re: EAP-TLS - Authenticating only certain users
  - From: Alan DeKok <aland@deployingradius.com>

References:
- EAP-TLS - Authenticating only certain users
  - From: "Stephen Bowman" <stephenbb@gmail.com>
- Re: EAP-TLS - Authenticating only certain users
  - From: Alan DeKok <aland@deployingradius.com>

Previous by Date: Freeradius+Mysql - radreply
Next by Date: Re: Red Hat vs. Slackware
Previous by Thread: Re: EAP-TLS - Authenticating only certain users
Next by Thread: Re: EAP-TLS - Authenticating only certain users
Freeradius-Users February 2007 archives indexes sorted by: [ thread ] [ subject ] [ author ] [ date ]
Freeradius-Users list archive Table of Contents
More information about the Freeradius-Users mailing list

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.