EAP-TLS - OpenLDAP - UID Check
Alan DeKok
aland at deployingradius.com
Wed Jan 27 01:18:18 CET 2010
_Stefan_H wrote:
> Hello, due to a typing error I realized that there is a mistake in my
> configuration: EAP-TLS is working fine, but it doesn't matter what name
> is written in the certificate; LDAP is returning "not found" but the user is
> always accepted. I looked at the ldap module for an identity check but I
> can't find it, and setting access_attr = "uid" makes no difference.
>
> Please give me a hint where I have to look.
EAP-TLS does authentication by checking the certificate, not the user
name.

If you want the LDAP module to reject users who aren't in LDAP, edit
raddb/sites-enabled/default, the "authorize" section. Change the line
saying "ldap" to:

    ldap {
        notfound = reject
    }

Alan DeKok.
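
Added example, not part of the original message and not the project's shipped configuration: the change from the reply shown in place, next to the `check_cert_cn` option of the `tls` section in raddb/eap.conf. That option is not mentioned in the reply; it is included on the assumption of a FreeRADIUS 2.x layout, because it ties the certificate's Common Name to the User-Name that the LDAP lookup uses by default.

```conf
# raddb/sites-enabled/default (constructed excerpt; other modules omitted)
authorize {
    # ... other modules unchanged ...

    # Before: a bare "ldap" line. A "notfound" result from the module does
    # not stop processing, so EAP-TLS accepts on the certificate alone.
    # ldap

    # After (the change from the reply): no LDAP entry for the
    # supplied User-Name means the request is rejected.
    ldap {
        notfound = reject
    }
}

# raddb/eap.conf (constructed excerpt, assumption: FreeRADIUS 2.x layout)
eap {
    tls {
        # ... certificate and key settings unchanged ...

        # Not from the reply. Requires the CN of the client certificate
        # to equal the User-Name sent in the request, so a valid
        # certificate cannot be presented under another user's name.
        check_cert_cn = %{User-Name}
    }
}
```

Run the server in debug mode (`radiusd -X`) after the change and send one request with a User-Name that has no LDAP entry to confirm it is rejected.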