Ok, so I put a list of usernames in the users file with an Auth-Type := EAP ?
Right now, everyone with a valid client certificate is authenticated (nobody is listed in the users file). Once I start enumerating them in the users file, will it have an implicit deny all of everyone who isn't in the users file?
Also - is there a way to define a different users file per NAS?
Stephen Bowman wrote:
> When using EAP-TLS as the only method in freeradius, is there a way to
> define a list of allowed users, perhaps by the CN on their client
> certificate?
Or the User-Name attribute, which should be the same as the client CN.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html