TLS authentication works, but does not check usernames against 'users' file.

John McDonnell mcdonnjd at pcam.org
Tue Nov 30 17:05:40 CET 2010


> -----Original Message-----
> On Behalf Of Andrew Bovill
> 
>   Hi,
> 
> I'm trying to get WPA Enterprise EAP/TLS working with my wireless
> router.  It appears that the TLS portion of the authentication works
> (valid certificates give me a working connection) but it does NOT
> appear
> to actually be checking the username/password combination that is also
> sent along the line.
> 
> I have followed the WPA_HOWTO as best I could (my clients are OS X and
> Android and Gentoo, not Windows XP) but I can't figure out how to
> 'fail'
> an auth attempt with an invalid user/pass combination.
> 
> Here is the debug output:
> Thanks for any advice.  I didn't want to start reconfiguring with a
> shotgun :)
> *snipped*

IIRC, that is how EAP-TLS works. If the client has a valid certificate, it
can connect.

Check this previous message that is similar to what I think you are trying
to do:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg66246.h
tml

-- 
John D McDonnell
Penn Cambria School District
mcdonnjd at pcam.org
O< ASCII Ribbon Campaign - http://www.asciiribbon.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4101 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101130/75cb4a5c/attachment.bin>


More information about the Freeradius-Users mailing list