EAP-TLS reject if CN not in MySQL
Alan DeKok
aland at ox.org
Tue Sep 27 22:05:19 CEST 2005
Ben Dowling <bendowling at lineone.net> wrote:
> Sorry I was referring to the username, the CN in the certificate gets
> sent as the username. My problem is how to reject users with valid
> certificates, but no entry in the database?
doc/configurable_failover
configure a module "always reject" (see radiusd.conf)
In "authorize", do:
    ...
    group {
        sql {
            notfound = 1
            ok = return
            fail = return
            everything_else = return
        }
        reject
    }
That says "if the user isn't found in SQL, reject"
Alan DeKok.
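
A simplified Python model of how the group in the reply above is evaluated, added here as an example; it is not part of the original post and is not FreeRADIUS code. The names `run_group` and `authorize` are hypothetical, the `"default"` key stands in for the post's `everything_else` line, and the assumed behaviour is that `return` stops the group with that module's result while a number is a priority that lets processing continue.

```python
# Simplified model (assumption) of configurable failover inside one group:
# each module yields a return code, and the action configured for that code
# is either RETURN (stop here, keep this code) or an integer priority
# (remember the code, keep going to the next module).
RETURN = "return"

# Actions from the post's sql { ... } block; "default" models "everything_else".
SQL_ACTIONS = {"notfound": 1, "ok": RETURN, "fail": RETURN, "default": RETURN}
# The "always reject" module returns "reject"; assume that ends the group.
REJECT_ACTIONS = {"default": RETURN}


def run_group(modules):
    """modules: list of (name, rcode, actions).
    Returns (final_rcode, list_of_module_names_that_ran)."""
    result, best, ran = None, -1, []
    for name, rcode, actions in modules:
        ran.append(name)
        action = actions.get(rcode, actions.get("default", RETURN))
        if action == RETURN:
            return rcode, ran          # short-circuit: later modules never run
        if action >= best:             # numeric priority: remember and continue
            result, best = rcode, action
    return result, ran


def authorize(sql_rcode):
    """Model the post's group: sql first, then the always-reject module."""
    return run_group([
        ("sql", sql_rcode, SQL_ACTIONS),
        ("reject", "reject", REJECT_ACTIONS),
    ])


if __name__ == "__main__":
    # Constructed sql results: CN present, CN absent, database error.
    for rcode in ("ok", "notfound", "fail"):
        final, ran = authorize(rcode)
        print(f"sql={rcode:9s} -> group result={final:9s} modules run={ran}")
```

Only the `notfound` case falls through to `reject`; a database failure stops the group with `fail` rather than being treated as a missing user.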