TLS authentication works, but does not check usernames against 'users' file.

Phil Mayers p.mayers at
Tue Nov 30 18:07:20 CET 2010

On 30/11/10 16:55, Andrew Bovill wrote:

> It seemed to me that it wouldn't connect if I left the Identity blank,
> so that may be what was confusing me.

Most supplicants will use the "cn=XXX" from the cert as the identity, 
but it really makes sense to ask, because they may not be (often are 
not) the same

> I doesn't seem to me like there would be, but is there any way to have,
> say, a 'guest' certificate, that can be handed out to multiple people
> and be used simultaneously with EAP/TLS?

A certificate is like any other credential; anyone who knows it (or has 
it) can use it.

Whether that's a good idea is another matter; how do you revoke it and 
manage re-issuance once one guest leaves? How do you distinguish between 
their activity? And so on.

More information about the Freeradius-Users mailing list