EAP-TLS User-Name not matching

Huckle Berry huck.berry at gmail.com
Mon Jan 18 05:35:58 CET 2010


On Sun, Jan 17, 2010 at 3:33 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:

>  okay. EAP user-name doesn't match the original identity...and no user
> found either.
>
> 2 things you need to ensure
>
> 1) in proxy.conf you have 'nostrip' defined for example.com
>

This was beginning to occur to me. Initially I ignored proxy.conf because I
figured I would never need to proxy anything, but I now see FR proxies to
itself...
OK, I just tested this and it resulted in me DoSing myself as the request
bounced back and forth between 127.0.0.1 and 192.168.1.3. This happened both
with my eap.conf and the default eap.conf. Something about there being 200+
Proxy-State attributes.

>
> 2) in users file you include the details for the user 'user'  eg
>
> user Cleartext-Password := "password"
>

I'm using Certificate based authentication, with myself as the CA, so no
password should be needed, correct? Or is the Password used to sign the cert
needed here?


>
>
> alan