TLS authentication works, but does not check usernames against 'users' file.

Nolan King nking at
Wed Dec 1 18:11:03 CET 2010

It is easier for me to put explicit denies in the users file when authenticating with TLS. By default anyone with a valid cert gets in. See also certificate revocation list.

>>> Andrew Bovill <abovill at> 11/30/10 7:56 AM >>>

I'm trying to get WPA Enterprise EAP/TLS working with my wireless 
router.  It appears that the TLS portion of the authentication works 
(valid certificates give me a working connection) but it does NOT appear 
to actually be checking the username/password combination that is also 
sent along the line.

I have followed the WPA_HOWTO as best I could (my clients are OS X and 
Android and Gentoo, not Windows XP) but I can't figure out how to 'fail' 
an auth attempt with an invalid user/pass combination.

Here is the debug output:

Thanks for any advice.  I didn't want to start reconfiguring with a 
shotgun :)
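
The two controls mentioned in the reply, shown as an added configuration example that is not part of either message: an explicit deny in the users file, and certificate checks in the EAP-TLS module. It assumes a FreeRADIUS 2.x layout (`raddb/users`, `raddb/eap.conf`); the identity `jsmith` and the directory path are placeholders.

```conf
# raddb/users
# Explicit deny for one identity (placeholder name). Place it above any
# DEFAULT entry that would otherwise match this user first.
jsmith  Auth-Type := Reject
        Reply-Message = "Access revoked"

# raddb/eap.conf, inside the eap { ... } section
tls {
        # EAP-TLS carries no password, and the User-Name is chosen by the
        # client. Requiring the certificate CN to equal the User-Name ties
        # the users-file entry above to the certificate actually presented.
        check_cert_cn = %{User-Name}

        # Reject certificates listed in a CRL. The CRL must be present
        # under CA_path (placeholder path) in OpenSSL hashed-name form.
        check_crl = yes
        CA_path = /etc/raddb/certs/
}
```

Without `check_cert_cn`, a client holding any valid certificate can send a different identity and miss the deny entry, so the users-file approach and the certificate checks work together.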

