On Wed, Oct 20, 2010 at 9:22 AM, Esteban TALAVERA <etalaveran@gmail.com> wrote:
Thanks!


On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok <aland@deployingradius.com> wrote:
Esteban TALAVERA wrote:
> My freeradius + MySQL + EAP_TLS is working, but I have a problem.
>
> I assumed that without an entry in MySQl database, the client can not
> authenticate,

 That's not how EAP-TLS works.

> but I forgot to create one user's database entry and the
> laptop was able to join the network.
>
> It is possible a client authentication without a database entry, just
> with the certificates

 That's how EAP-TLS works.

 If you want to reject the user, configure the server to look up the
username in the DB, and reject if they're not found.  Or, use TLS as it
was intended to be used: revoke the client certificate.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--

Esteban Talavera


Proyectos ITW C.A.

Tel.    +(58)212 7623035

+(58)212 7620504

Cel. +(58)412 2892006

Fax       +(58)212 7615965






--

Esteban Talavera


Proyectos ITW C.A.

Tel.    +(58)212 7623035

+(58)212 7620504

Cel. +(58)412 2892006

Fax       +(58)212 7615965