EAP-TLS reject if CN not in MySQL

Ben Dowling bendowling at lineone.net
Tue Sep 27 22:41:37 CEST 2005


Brilliant, that does the trick.

Thanks a lot, Ben

On Tue, 2005-09-27 at 16:05 -0400, Alan DeKok wrote:
> Ben Dowling <bendowling at lineone.net> wrote:
> > Sorry I was referring to the username, the CN in the certificate gets
> > sent as the username. My problem is how to reject users with valid
> > certificates, but no entry in the database?
> 
>   doc/configurable_failover
> 
>   configure a module "always reject" (see radiusd.conf)
> 
>   In "authorize", do:
> 
> 	...
> 	group {
> 	      sql {
> 		  notfound = 1
> 		  ok = return
> 		  fail = return
> 		  everything_else = return
> 	      }
> 	      reject
> 	}
> 
>   That says "if the user isn't found in SQL, reject"
> 
>   Alan DeKok.
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list