Hi, we have setup a freeradius server for WLAN authentication. We have deployed a PKI to use EAP-TLS and everything runs fine so far. But I am wondering if the user name provided by the supplicant is used by freeradius at all when using this authentication method. I have tested these scenarios: 1. no entry in users file [files] module returns noop supplicant is authenticated via EAP 2. added plain user name to users file [files] module matches user and returns OK supplicant is authenticated via EAP 3. added user name with "Auth-Type := EAP" [files] module returns noop supplicant is authenticated via EAP If I provide a wrong user name in the supplicant configuration (it doesn't match the user name in client certificate), authentication still works. So is it checked at all? If so, does that imply that everyone is able get authenticated as soon as he gets the client certificate, even if he doesn't know the users identity? So some explanation about the relation between EAP-TLS and the user store would be great... Many thanks in advance. Best Regards, Sven Menschner ------------------------------------------------------------------------- DREWAG - Stadtwerke Dresden GmbH Sitz der Gesellschaft: Dresden Geschäftsführer: Reiner Zieschank (Sprecher), Dr. Reinhard Richter Vorsitzende des Aufsichtsrates: Helma Orosz, Oberbürgermeisterin Registergericht: Amtsgericht Dresden HRB 2626 ------------------------------------------------------------------------- DREWAG - das heißt für Sie: sehr guter Service und ein faires Preis-Leistungs-Verhältnis! 2013 wurde die DREWAG wiederholt vom Wirtschaftsmagazin FOCUS-Money als einer der fairsten Stromversorger Deutschlands ausgezeichnet.