Question about windowsXP(Odessey Client) + EAP-TLS with freeRADIUS

Alan DeKok aland at
Thu Dec 13 10:58:47 CET 2007

Hangjun He wrote:
>    And I use EAP-TLS and with correct certs.  Even if  I set wrong
> username in Odessey Client, freeRADIUS will return
> success.(check_cert_cn not set).

  EAP-TLS authenticates users based on certificates.  It ignores the
user name.

>     Can I let freeRADIUS to check if username in the users file or other
> database?  If not, reject user.

  Yes.  Configure that:

bob	Auth-Type := Reject

  Alan DeKok.

More information about the Freeradius-Users mailing list