Odp: Re: eap-tls with valid and fake certificates.

codythejack codythejack at o2.pl
Wed Jan 8 10:43:17 CET 2020 

Hi !  Thanks for help.  MM  
            
          
     
      
       
        Dnia 27 grudnia 2019 23:42 Matthew Newton <mcn at freeradius.org> napisał(a):
       
    
       
         On Fri, 2019-12-27 at 17:47 +0100, codythejack wrote: 
 
 Hello !  The Idea is to authenticate users with eap-tls with 
 certficates. People without any certificate should use different vlan 
 provided by Radius. Only supported authentication should be eap- 
 tls.  Is it possible to make authentication with eap-tls with 
 certficates for valid users and some &#34;guest vlan&#34; for users 
 which hasnt any or unknown certificates ? 
 
  
 It's not possible. If the device doesn't present a valid certificate, 
 it won't authenticate. You can't force an "Accept" with EAP methods. 
  
 You will need to use a different method to handle guest accounts. If 
 you want to use EAP-TLS only you will have to issue certificates to 
 everyone. 
  
 --  
 Matthew 
  
  
 - 
 List info/subscribe/unsubscribe? See  www.freeradius.org www.freeradius.org

More information about the Freeradius-Users mailing list