<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
i begin setting up configuration. bit i got two problems : <br><br>client with good certificate can be authenticated even if they're not in "users" file.<br>I assume it's due to my code. Here is under authenticate section of default : <br><br>Auth-Type eap {<br> eap<br> if ( "%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxx\// ) {<br> if ( "%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxx\// ) {<br> ok<br> }<br> else {<br> fail<br> }<br>It's like when condition is checked, it bypassed "users" file.<br><br>Maybe, i must move these lines under authorize ?<br>anyone to confirm it ?<br><br>cheers<br> <br><br><div><div id="SkyDrivePlaceholder"></div>> Date: Mon, 4 Feb 2013 10:32:22 -0500<br>> From: aland@deployingradius.com<br>> To: freeradius-users@lists.freeradius.org<br>> Subject: Re: [EAP/TLS] Authenfication through a certificate<br>> <br>> vazoumana fofana wrote:<br>> > i've got question about EAP/TLS and authentification for a client<br>> > through a certificate ?<br>> > I succeed setting up. But , i notice that freeradius matches client<br>> > login with certificate CNAME.<br>> > Is it possible to change it in order to match email instead of CNAME ?<br>> <br>> Yes.<br>> <br>> Read the eap.conf file, and the raddb/sites-available/default. This<br>> is documented.<br>> <br>> Alan DeKok.<br>> -<br>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br></div> </div></body>
</html>