Odp: Re: eap-tls with valid and fake certificates.
Hi ! Thanks for help. MM Dnia 27 grudnia 2019 23:42 Matthew Newton <mcn@freeradius.org> napisał(a): On Fri, 2019-12-27 at 17:47 +0100, codythejack wrote: Hello ! The Idea is to authenticate users with eap-tls with certficates. People without any certificate should use different vlan provided by Radius. Only supported authentication should be eap- tls. Is it possible to make authentication with eap-tls with certficates for valid users and some "guest vlan" for users which hasnt any or unknown certificates ? It's not possible. If the device doesn't present a valid certificate, it won't authenticate. You can't force an "Accept" with EAP methods. You will need to use a different method to handle guest accounts. If you want to use EAP-TLS only you will have to issue certificates to everyone. -- Matthew - List info/subscribe/unsubscribe? See www.freeradius.org www.freeradius.org
participants (1)
-
codythejack