EAP-TLS reject if CN not in MySQL
Ben Dowling
bendowling at lineone.net
Tue Sep 27 18:55:10 CEST 2005
Hi,
I still haven't figured this one out, and would really appreciate some
help. I've tried playing around with the DEFAULT profile in the users
file, giving it Auth-Type: Reject, but certificates with CN not in the
database are still authenticated. How do I get freeradius to check for
the username in mysql with EAP-TLS?
Cheers, Ben
Ben Dowling wrote:
> Hi,
>
> I have freeradius-1.04 configured with MySQL using EAP-TLS and PEAP
> for authentication. I wish to reject users whose common name (CN) is
> not included in the MySQL database. I have read the thread regarding
> this exact problem at:
>
> http://lists.cistron.nl/pipermail/freeradius-users/2004-May/032110.html
>
> and it seems I need to set the DEFAULT profile to reject. I don't
> quite understand the thread though, is this the DEFAULT profile in the
> users file, or can I configure this in MySQL. Either way, could
> someone please provide me with an example of what the DEFAULT profile
> entry should look like in order to achieve this?
>
> Thanks for the help,
>
> Ben Dowling
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list