freeradius accepts anybody
Sergio Yébenes Moreno
sergioyebenes at alumnos.upm.es
Mon Jun 30 19:35:05 CEST 2008
Alan DeKok wrote:
> Sergio Yébenes Moreno wrote:
>
>> using freeradius with EAP-TLS, the CommonName field of client
>> certificate contains this: "pepe"
>> If my file raddb/users contains this: "pepe123" Auth-Type := EAP
>> Radius sends an Access-Accept and it shouldn't.
>>
>
> (1) EAP-TLS authenticates users based on client certificates. If you
> don't want a user to be authenticated, don't issue them a client
> certificate. Or, revoke their client certificate.
>
> (2) The configuration you posted disagrees with itself. Are you
> configuring something for "pepe", or "pepe123" ?
>
> (3) The configuration you posted does nothing other than request EAP
> authentication... which is already done for EAP-TLS.
>
> (4) Nothing in what you posted indicates that the server should reject
> anyone.
>
> i.e. You have NOT configured the server to reject any users. As a
> result, it does not reject anyone.
>
> Alan DeKok.
Thanks, it's really easy to understand. Do you know if freeradius can
make OCSP requests? hahaha
In
/freeradius-server-2.0.5/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
they mention the OCSP protocol, but in eap.conf there is nothing about this!!
Thanks again
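
Points (1) and (4) of the quoted reply, shown as configuration. This is an added example, not part of either message: a fragment of the `tls` section of `eap.conf` with the settings that make the server reject a client certificate. The directory path is a placeholder, and the option names are assumed to match the `eap.conf` shipped with the installed 2.x version.

```conf
# Added example (not from the thread): raddb/eap.conf, tls section only.
# Existing settings (private_key_file, certificate_file, CA_file, ...)
# are left out here and must stay as they are in your file.
eap {
	tls {
		# Directory with the CA certificates and their CRLs in PEM form.
		# Placeholder path; the directory must be hashed with c_rehash.
		CA_path = /etc/raddb/certs/ca-and-crls

		# Revocation: reject any client certificate that appears in a
		# CRL found under CA_path. Without this, a revoked certificate
		# that is still within its validity period is accepted.
		check_crl = yes

		# Identity binding: reject the session unless the certificate
		# CommonName equals the identity the client sent as User-Name.
		# With CN "pepe", a client announcing "pepe123" is rejected.
		check_cert_cn = %{User-Name}
	}
}
```

With neither option set, any certificate that chains to the configured CA is accepted, which is the behaviour described in the original question.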