How to deny user with changed username when using EAP-TLS

Marcos González mgtroyas at gmail.com
Wed Sep 27 19:38:50 CEST 2006


Hello, my name is Marcos and I'm developing an access control solution
using FreeRADIUS+MySQL+Web frontend.

I use check attributes in table 'radusercheck' to allow or deny access
on a per-user basis. The problem is, if a user changes his 'UserName'
in his wireless network adapter configuration, then there's no match in
the table, and he enters the network bypassing my solution.

There's an option in sql.conf that allows defining a DEFAULT profile,
and also assigning it to non-known users. But it's parsed after the
normal check, so if I define an 'Auth-Type := Reject', both are denied,
known and unknown users.

Is there any way to allow known users (those whose UserName appears in
radcheck) access, but deny unknown (all other) users?

Thank you in advance.




More information about the Freeradius-Users mailing list