EAP-TLS - OpenLDAP - UID Check
Hello, due to a typing error i realized that there is a mistake at my configuration, the eap-tls is working fine but it doesn't matter what name is written in the certificate, ldap is returning not found but the user is always accepted. I looked at the ldap module for an identity check but i can't find it and setting access_attr = "uid" makes no difference. Please give me a hint where i have to look. -- View this message in context: http://old.nabble.com/EAP-TLS---OpenLDAP---UID-Check-tp27326455p27326455.htm... Sent from the FreeRadius - User mailing list archive at Nabble.com.
_Stefan_H wrote:
Hello, due to a typing error i realized that there is a mistake at my configuration, the eap-tls is working fine but it doesn't matter what name is written in the certificate, ldap is returning not found but the user is always accepted. I looked at the ldap module for an identity check but i can't find it and setting access_attr = "uid" makes no difference.
Please give me a hint where i have to look.
EAP-TLS does authentication by checking the certificate, not the user name. If you want the LDAP module to reject users who aren't in LDAP, edit raddb/sites-enabled/default, the "authorize" section. Change the line saying "ldap" to: ldap { notfound = reject } Alan DeKok.
Alan DeKok-2 wrote:
EAP-TLS does authentication by checking the certificate, not the user name.
If you want the LDAP module to reject users who aren't in LDAP, edit raddb/sites-enabled/default, the "authorize" section. Change the line saying "ldap" to:
ldap { notfound = reject }
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks -- View this message in context: http://old.nabble.com/EAP-TLS---OpenLDAP---UID-Check-tp27326455p27341289.htm... Sent from the FreeRadius - User mailing list archive at Nabble.com.
participants (2)
-
_Stefan_H -
Alan DeKok