EAP-TLS reject if CN not in MySQL
Ben Dowling
bendowling at lineone.net
Tue Sep 27 22:41:37 CEST 2005
Brilliant, that does the trick.
Thanks a lot, Ben
On Tue, 2005-09-27 at 16:05 -0400, Alan DeKok wrote:
> Ben Dowling <bendowling at lineone.net> wrote:
> > Sorry I was referring to the username, the CN in the certificate gets
> > sent as the username. My problem is how to reject users with valid
> > certificates, but no entry in the database?
>
> doc/configurable_failover
>
> configure a module "always reject" (see radiusd.conf)
>
> In "authorize", do:
>
> ...
> group {
> sql {
> notfound = 1
> ok = return
> fail = return
> everything_else = return
> }
> reject
> }
>
> That says "if the user isn't found in SQL, reject"
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list