radius x509 authentication + LDAP ? [SEC=UNCLASSIFIED]
aland at deployingradius.com
Fri May 23 17:11:46 CEST 2008
Riccardo Veraldi wrote:
> but still authentication is succesful using EAP-TLS even if user is not
> in LDAP Directory.
> any hints ?
That's how EAP-TLS works. If you issued them a certificate, it means
that they are authenticated.
If you don't want to authenticate them, I'm curious why you issued
them a certificate.
But if you still want to reject them... you can. Just put them into
an LDAP group, and reject everyone in that LDAP group.
More information about the Freeradius-Users