eap/tls access-accept without existing user?

Markus Krause krause at biochem.mpg.de
Fri Aug 12 00:07:51 CEST 2005

hi all!

first what i am using:
- freeradius 1.0.4 (on debian sarge, package built with -disable-shared)
- mac os x 10.3.9
- self-signed certificates built in a similar way than the ones in the
package/tarball (just adapted the CA.certs script)

my users file contains in addition to the unchanged standard the following

---8< users 8<---
testuser1 User-Password == "testing"
testuser2 Auth-Type := Local, User-Password == "testing"
--->8 users >8---

the only changes i made in the configuration file radiusd.conf is to comment out
"suffix", in eap.conf i uncommented the section with tls and ttls

when trying to establish a connection from the mac powerbook using 802.1x and
client certificate i get a working connection if i enter anything but
"testuser2", even a wrong password or no pasword or username at all works! with
 "testuser2" i get an error and no connection.

where am i missing the point?

thanks in advance for any hint!!


Markus Krause                           email: krause at biochem.mpg.de
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

     This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to rz-linux at biochem.mpg.de

More information about the Freeradius-Users mailing list