EAP-TLS with user base in SQL not happening

Alan DeKok aland at deployingradius.com
Fri Feb 15 14:32:03 CET 2019


On Feb 15, 2019, at 6:22 AM, Mankomal Singh <mankomal at shouut.com> wrote:
> 
> I am doing an EAP-TLS test to authenticate only known users that are in SQL
> via the TLS method. How can I achieve this? Can someone share any guide on
> this? I have been able to achieve TLS authentication on files
> but not able to do so via SQL Server.
> 
> My issue is that even if the user is not found in SQL it is able to
> authenticate via TLS

  That's largely what EAP-TLS means... if the user has a client certificate, they're authenticated.  If you want to reject certain users, you should revoke their client certificate.

  If you can't do that, you *can* reject the user, but their system won't know why they've been rejected.  So it will try to authenticate over and over again.

  You can do this:

authorize {
	...
	sql
	if (notfound) {
		reject
	}
	...
}

  Reading the debug output should make it clear why this works.

  Alan DeKok.
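
The revocation route suggested in the reply, as an added example that is not part of the original post or of FreeRADIUS: a throwaway OpenSSL CA issues a client certificate, revokes it, and shows that a CRL-checking verifier accepts the certificate before revocation and rejects it afterwards. The names "Demo CA" and "alice" and the ca.cnf layout are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. "Demo CA" and "alice" are constructed names; the CA lives in a temp dir.
# Echo "valid" or "rejected" for a cert checked against ca.pem and crl.pem in the cwd.
check_cert() {
    if openssl verify -CAfile ca.pem -CRLfile crl.pem -crl_check "$1" 2>/dev/null |
        grep -q ': OK$'
    then echo valid; else echo rejected; fi
}

# Issue a client cert, revoke it, republish the CRL; echo "<before> <after>".
revocation_demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    mkdir newcerts && : > index.txt && echo 01 > serial && echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
unique_subject = no
[ any ]
commonName = supplied
EOF
    run() { openssl "$@" >/dev/null 2>&1 || exit 1; }
    run req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" -keyout ca.key -out ca.pem
    run req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=alice" -keyout user.key -out user.csr
    run ca -batch -config ca.cnf -notext -in user.csr -out user.pem
    run ca -config ca.cnf -gencrl -out crl.pem
    before=$(check_cert user.pem)
    run ca -config ca.cnf -revoke user.pem      # marks the serial revoked in index.txt
    run ca -config ca.cnf -gencrl -out crl.pem  # verifiers only see the republished CRL
    echo "$before $(check_cert user.pem)"
    rm -rf "$d"
)
```

Revocation only takes effect where the verifier actually loads a current CRL; in FreeRADIUS 3.x the `check_crl` setting in the `eap` module's TLS configuration controls whether the server consults one.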



