EAP-TLS - OpenLDAP - UID Check

Alan DeKok aland at deployingradius.com
Wed Jan 27 01:18:18 CET 2010

_Stefan_H wrote:
> Hello, due to a typing error i realized that there is a mistake at my
> configuration, the eap-tls is working fine but it doesn't matter what name
> is written in the certificate, ldap is returning not found but the user is
> always accepted. I looked at the ldap module for an identity check but i
> can't find it and setting access_attr = "uid" makes no difference.
> Please give me a hint where i have to look.

  EAP-TLS does authentication by checking the certificate, not the user

  If you want the LDAP module to reject users who aren't in LDAP, edit
raddb/sites-enabled/default, the "authorize" section.  Change the line
saying "ldap" to:

	ldap {
		notfound = reject

  Alan DeKok.

More information about the Freeradius-Users mailing list