26 Mar
2008
26 Mar
'08
11:58 a.m.
Sven 'Darkman' Michels wrote:
Ok, i'll doublecheck that. But just a note: if i use the wrong cert and see a NACK message in the log - then my ttls failed and i shouldn't see a ldap query at all...?
It all depends on how you set up your configuration.
Or do i missunderstand something here? I just want to make sure that my client is "my" client, and not a stranger. Thats why i want the eap stuff (to force all "signed" by the clients cert, and avoid password attacks and stuff like that).
You can configure the LDAP queries to be run *only* after the TLS tunnel has been set up. See raddb/sites-available/inner-tunnel. Alan DeKok.