Sergio YƩbenes Moreno wrote:
using freeradius with EAP-TLS, the CommonName field of client certificate contains this: "pepe" If my file raddb/users constains this: "pepe123" Auth-Type := EAP Radius sends an Access-Acept and they shouldn't.
(1) EAP-TLS authenticates users based on client certificates. If you don't want a user to be authenticated, don't issue them a client certificate. Or, revoke their client certificate. (2) The configuration you posted disagrees with itself. Are you configuring something for "pepe", or "pepe123" ? (3) The configuration you posted does nothing other than request EAP authentication... which is already done for EAP-TLS. (4) Nothing in what you posted indicates that the server should reject anyone. i.e. You have NOT configured the server to reject any users. As a result, it does not reject anyone. Alan DeKok.