2 Dec
2009
2 Dec
'09
4:51 p.m.
BUT, we noted an interesting behaviour. If the client specify Windows to use another username to login, although freeradius complaints that the user doesn't exist on ldap, it seems it still accepts this user, as long as the certificate is fine. So, in this case, if the user isn't allowed to login because of simultaneous use, he still can change the username which he uses specifying another one (whichever, even if it doesn't exist) and voilá! He can now log in.
I'm sure I'm missing something, but I'm not sure what.
Any clue?
Read doc/rlm_ldap, bit about access attribute. Ivan Kalik