freeradius accepts anybody
Alan DeKok
aland at deployingradius.com
Sun Jun 29 19:05:00 CEST 2008
Sergio Yébenes Moreno wrote:
> using freeradius with EAP-TLS, the CommonName field of client
> certificate contains this: "pepe"
> If my file raddb/users constains this: "pepe123" Auth-Type := EAP
> Radius sends an Access-Acept and they shouldn't.
(1) EAP-TLS authenticates users based on client certificates. If you
don't want a user to be authenticated, don't issue them a client
certificate. Or, revoke their client certificate.
(2) The configuration you posted disagrees with itself. Are you
configuring something for "pepe", or "pepe123" ?
(3) The configuration you posted does nothing other than request EAP
authentication... which is already done for EAP-TLS.
(4) Nothing in what you posted indicates that the server should reject
anyone.
i.e. You have NOT configured the server to reject any users. As a
result, it does not reject anyone.
Alan DeKok.
More information about the Freeradius-Users
mailing list