Re: Freeradius+MySql+EAP_TLS: authentication without MySQl Entry [SOLVED]
On Wed, Oct 20, 2010 at 9:22 AM, Esteban TALAVERA <etalaveran@gmail.com>wrote:
Thanks!
On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok <aland@deployingradius.com>wrote:
Esteban TALAVERA wrote:
My freeradius + MySQL + EAP_TLS is working, but I have a problem.
I assumed that without an entry in MySQl database, the client can not authenticate,
That's not how EAP-TLS works.
but I forgot to create one user's database entry and the laptop was able to join the network.
It is possible a client authentication without a database entry, just with the certificates
That's how EAP-TLS works.
If you want to reject the user, configure the server to look up the username in the DB, and reject if they're not found. Or, use TLS as it was intended to be used: revoke the client certificate.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
*Esteban Talavera*
* *
*Proyectos ITW C.A.
*
Tel. +(58)212 7623035
+(58)212 7620504
Cel. +(58)412 2892006
Fax +(58)212 7615965
-- *Esteban Talavera* * * *Proyectos ITW C.A. * Tel. +(58)212 7623035 +(58)212 7620504 Cel. +(58)412 2892006 Fax +(58)212 7615965
participants (1)
-
Esteban TALAVERA