Alan DeKok escribió:
Sergio Yébenes Moreno wrote:
using freeradius with EAP-TLS, the CommonName field of client certificate contains this: "pepe" If my file raddb/users constains this: "pepe123" Auth-Type := EAP Radius sends an Access-Acept and they shouldn't.
(1) EAP-TLS authenticates users based on client certificates. If you don't want a user to be authenticated, don't issue them a client certificate. Or, revoke their client certificate.
(2) The configuration you posted disagrees with itself. Are you configuring something for "pepe", or "pepe123" ?
(3) The configuration you posted does nothing other than request EAP authentication... which is already done for EAP-TLS.
(4) Nothing in what you posted indicates that the server should reject anyone.
i.e. You have NOT configured the server to reject any users. As a result, it does not reject anyone.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks, it's really easy to understand. Do you know if freeradius can make ocsp request? jejeje In /freeradius-server-2.0.5/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c they mention ocsp protocol but in eap.conf there are nothing about this!! Thanks again