User Authenticated even when username not given in USERS file (EAP-TLS)
Hi , I am using EAP-TLS for authentication, USERs are getting authenticated even when I have not defined the user in USERS file. I have not changed any default configuration. Certificates are made by the makefile provided. Windows client is having both root & client certificates installed. radiusd -X log -> * http://pastebin.com/hZWubqWD* 1. Is this behavior normal. 2. Should I have to use DEFAULT Auth-Type := Reject at the end of users file ? Thanks & Regards,
Prateek Kumar wrote:
I am using EAP-TLS for authentication, USERs are getting authenticated even when I have not defined the user in USERS file.
That's how EAP-TLS works. You issued a client certificate. Possession of the client certificate means that the user is authenticated.
1. Is this behavior normal.
Yes.
2. Should I have to use DEFAULT Auth-Type := Reject at the end of users file ?
No. Alan DeKok.
Thanks Alan On Wed, Mar 28, 2012 at 9:25 PM, Alan DeKok <aland@deployingradius.com>wrote:
Prateek Kumar wrote:
I am using EAP-TLS for authentication, USERs are getting authenticated even when I have not defined the user in USERS file.
That's how EAP-TLS works. You issued a client certificate. Possession of the client certificate means that the user is authenticated.
1. Is this behavior normal.
Yes.
2. Should I have to use DEFAULT Auth-Type := Reject at the end of users file ?
No.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan DeKok -
Prateek Kumar