Sorry I was referring to the username, the CN in the certificate gets sent as the username. My problem is how to reject users with valid certificates, but no entry in the database? Cheers, Ben On Tue, 2005-09-27 at 14:01 -0400, Alan DeKok wrote:
Ben Dowling <bendowling@lineone.net> wrote:
I still haven't figured this one out, and would really appreciate some help. I've tried playing around with the DEFAULT profile in the users file, giving it Auth-Type: Reject, but certificates with CN not in the database are still authenticated. How do I get freeradius to check for the username in mysql with EAP-TLS?
I don't recall if you can get at the CN from the certificate. Maybe try keying off of the User-Name?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html