radius x509 authentication + LDAP ? [SEC=UNCLASSIFIED]

Alan DeKok aland at deployingradius.com
Fri May 23 17:11:46 CEST 2008

Riccardo Veraldi wrote:
> but still authentication is successful using EAP-TLS even if user is not
> in LDAP Directory.
> any hints ?

  That's how EAP-TLS works.  If you issued them a certificate, it means
that they are authenticated.

  If you don't want to authenticate them, I'm curious why you issued
them a certificate.

  But if you still want to reject them... you can.  Just put them into
an LDAP group, and reject everyone in that LDAP group.

  Alan DeKok.
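
The group-based rejection suggested above, written as a FreeRADIUS `users` file entry. This is an added example, not part of the original post. The group name `radius-denied` is a constructed placeholder, and the entry assumes the `ldap` module is already configured for group lookups and loaded on the server.

```text
# raddb/users  (added example; "radius-denied" is a placeholder group name)
# Ldap-Group is the check item provided by the ldap module.
# Any request whose user is a member of this LDAP group is rejected,
# whether or not the client holds a valid certificate.
DEFAULT Ldap-Group == "radius-denied", Auth-Type := Reject
        Reply-Message = "Access denied by directory policy"
```

A user who has no entry in the directory is a member of no group, so this rule alone does not reject them.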

More information about the Freeradius-Users mailing list