Best way to deny users not matching any groups in the SQL DB
Sylvain Munaut
s.munaut at whatever-company.com
Mon Feb 22 16:53:49 CET 2016
On Mon, Feb 22, 2016 at 4:49 PM, Alan DeKok <aland at deployingradius.com> wrote:
> On Feb 22, 2016, at 10:46 AM, Sylvain Munaut <s.munaut at whatever-company.com> wrote:
>>
>>>> Well my use case is not that simple :)
>>>> If you're issued a cert you can prove who you are. But then depending
>>>> on who you proved you were, you're going to be granted / denied access
>>>> to whatever you're requesting to access.
>>>
>>> That has *nothing to do with EAP-TLS*. You're again confusing two unrelated issues.
>>
>> Do you even read what I write ?
>
> Carefully.
>
>> Matthew wrote :
>>
>> "if you can present a valid certificate then you are permitted to connect."
>>
>> To which I responded :
>>
>> """
>> If you're issued a cert you can prove who you are. But then depending
>> on who you proved you were, you're going to be granted / denied access
>> to whatever you're requesting to access.
>> """
>>
>> WHERE in that am I mixing things up ?!?
>
> *How* the user authenticated themselves is completely independent of *what* the user is allowed to do.
!?!
And where exactly in my statement do I say anything that contradicts that ?
Cheers,
Sylvain
More information about the Freeradius-Users
mailing list