Banning users in a nice way...
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed Jun 27 15:15:49 CEST 2007
> For your case 1): depends. If there actually is a user cert on the client's
> box and its CN does not contain an @, same as above applies. If their CN does
> contain an @, well, then you are pretty much lost. Shouldn't be many though.
>
No certs on users boxes, completely vanilla installs... Well as vanilla
as a students laptop can be ... vanilla + Azureus + Kazza + Spyware
>Not that I can think of. You shouldn't be able to coax a supplicant >onto
>a network by munging authentication (this is a *good* thing).
>josh.
Yes it is I suppose :)
This is what I suspected... I was planning on just sending an
Access-Accept EAP packet and seeing what happened. But i'm guessing even
if it did work (due to microsoft supplicant being horribly broken) it
would go against quite a few RFCs, and wouldn't really make a good case
study for JRS ;)
Thanks for both your replys :)
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
More information about the Freeradius-Users
mailing list