Thanks!
Esteban TALAVERA wrote:That's not how EAP-TLS works.
> My freeradius + MySQL + EAP_TLS is working, but I have a problem.
>
> I assumed that without an entry in MySQl database, the client can not
> authenticate,
That's how EAP-TLS works.
> but I forgot to create one user's database entry and the
> laptop was able to join the network.
>
> It is possible a client authentication without a database entry, just
> with the certificates
If you want to reject the user, configure the server to look up the
username in the DB, and reject if they're not found. Or, use TLS as it
was intended to be used: revoke the client certificate.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Esteban Talavera
Proyectos ITW C.A.
Tel. +(58)212 7623035
+(58)212 7620504
Cel. +(58)412 2892006
Fax +(58)212 7615965