26 Jan
2010
26 Jan
'10
7:18 p.m.
_Stefan_H wrote:
Hello, due to a typing error i realized that there is a mistake at my configuration, the eap-tls is working fine but it doesn't matter what name is written in the certificate, ldap is returning not found but the user is always accepted. I looked at the ldap module for an identity check but i can't find it and setting access_attr = "uid" makes no difference.
Please give me a hint where i have to look.
EAP-TLS does authentication by checking the certificate, not the user name. If you want the LDAP module to reject users who aren't in LDAP, edit raddb/sites-enabled/default, the "authorize" section. Change the line saying "ldap" to: ldap { notfound = reject } Alan DeKok.