Freeradius+MySQL+EAP_TLS: authentication without MySQL Entry
Alan DeKok
aland at deployingradius.com
Wed Oct 20 15:49:21 CEST 2010
Esteban TALAVERA wrote:
> My freeradius + MySQL + EAP_TLS is working, but I have a problem.
>
> I assumed that without an entry in MySQL database, the client cannot
> authenticate,

That's not how EAP-TLS works.

> but I forgot to create one user's database entry and the
> laptop was able to join the network.
>
> It is possible a client authentication without a database entry, just
> with the certificates

That's how EAP-TLS works.

If you want to reject the user, configure the server to look up the
username in the DB, and reject if they're not found. Or, use TLS as it
was intended to be used: revoke the client certificate.

Alan DeKok.
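
The two options from the reply above, as an added FreeRADIUS 2.x configuration example (not part of the original message and not the poster's or the project's own configuration). It assumes the stock file layout, an already working `sql` module instance, and that a user counts as "in the DB" when `sql` finds any entry for the User-Name.

```conf
# --- raddb/sites-available/default (assumed stock layout) ---
authorize {
	preprocess

	# Option 1: look the User-Name up in MySQL and reject unknown users.
	# The lookup is placed before "eap" because the stock config uses
	# "eap { ok = return }", which can leave authorize early; a check
	# placed after it may not run on every packet of the EAP exchange.
	sql
	if (notfound) {
		# No DB entry for this name: refuse, even though the
		# client certificate itself would verify.
		reject
	}

	eap {
		ok = return
	}
}

# --- raddb/eap.conf, inside eap { ... } ---
tls {
	# (existing certificate, key and CA settings stay as they are)

	# The DB lookup keys on User-Name, which the client chooses.
	# Require it to match the certificate CN so a valid certificate
	# cannot be presented under some other user's DB entry.
	check_cert_cn = %{User-Name}

	# Option 2: honour certificate revocation. The CA's current CRL
	# has to be available under CA_path, and must be refreshed
	# whenever a client certificate is revoked.
	check_crl = yes
	CA_path = ${cadir}
}
```

With only the `tls` settings, any unrevoked certificate issued by the trusted CA is accepted; the `authorize` check adds the per-user database gate the original poster expected.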