EAP-TLS reject if CN not in MySQL

Ben Dowling bendowling at lineone.net
Sat Sep 24 20:22:08 CEST 2005


Hi,

I have freeradius-1.04 configured with MySQL using EAP-TLS and PEAP for 
authentication. I wish to reject users whose common name (CN) is not 
included in the MySQL database. I have read the thread regarding this 
exact problem at:

http://lists.cistron.nl/pipermail/freeradius-users/2004-May/032110.html

and it seems I need to set the DEFAULT profile to reject. I don't quite 
understand the thread though, is this the DEFAULT profile in the users 
file, or can I configure this in MySQL. Either way, could someone please 
provide me with an example of what the DEFAULT profile entry should look 
like in order to achieve this?

Thanks for the help,

Ben Dowling



More information about the Freeradius-Users mailing list