Am 04.08.2012 03:15, schrieb Alan DeKok:
Klaus Klein wrote:
Which uses certificates for authentication.
Correct. Thanks for the vote of confidence. You're welcome. :)
The point of my comment was that it DOESN"T use names&& passwords for authentication. I did understand this part.
Nevertheless, if I follow the documentation provided with freeradius (e.g. aaa.rst.gz) then authorization comes before authentication. Also ... an authorization module searches a database ... (/etc/freeradius/users ?) --- if none of database records for this User-Name matches ... authorization will fail. Therefore I'm a bit puzzled that if no matching entry in users is found that the authentication still takes place. I think in that case the behavior contradicts the 'Request Processing' described in aaa.rst.gz Klaus