TLS authentication works, but does not check usernames against 'users' file.

John McDonnell mcdonnjd at
Tue Nov 30 17:05:40 CET 2010

> -----Original Message-----
> On Behalf Of Andrew Bovill
>   Hi,
> I'm trying to get WPA Enterprise EAP/TLS working with my wireless
> router.  It appears that the TLS portion of the authentication works
> (valid certificates give me a working connection) but it does NOT
> appear
> to actually be checking the username/password combination that is also
> sent along the line.
> I have followed the WPA_HOWTO as best I could (my clients are OS X and
> Android and Gentoo, not Windows XP) but I can't figure out how to
> 'fail'
> an auth attempt with an invalid user/pass combination.
> Here is the debug output:
> Thanks for any advice.  I didn't want to start reconfiguring with a
> shotgun :)
> *snipped*

IIRC, that is how EAP-TLS works. If the client has a valid certificate, it
can connect.

Check this previous message that is similar to what I think you are trying
to do:

John D McDonnell
Penn Cambria School District
mcdonnjd at
O< ASCII Ribbon Campaign -
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4101 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list