27 Sep
2005
27 Sep
'05
4:41 p.m.
Brilliant, that does the trick. Thanks a lot, Ben On Tue, 2005-09-27 at 16:05 -0400, Alan DeKok wrote:
Ben Dowling <bendowling@lineone.net> wrote:
Sorry I was referring to the username, the CN in the certificate gets sent as the username. My problem is how to reject users with valid certificates, but no entry in the database?
doc/configurable_failover
configure a module "always reject" (see radiusd.conf)
In "authorize", do:
... group { sql { notfound = 1 ok = return fail = return everything_else = return } reject }
That says "if the user isn't found in SQL, reject"
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html