Freeradius+MySql+EAP_TLS: authentication without MySQl Entry
Esteban TALAVERA
etalaveran at gmail.com
Wed Oct 20 15:52:57 CEST 2010
Thanks!
On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Esteban TALAVERA wrote:
> > My freeradius + MySQL + EAP_TLS is working, but I have a problem.
> >
> > I assumed that without an entry in MySQL database, the client can not
> > authenticate,
>
> That's not how EAP-TLS works.
>
> > but I forgot to create one user's database entry and the
> > laptop was able to join the network.
> >
> > It is possible a client authentication without a database entry, just
> > with the certificates
>
> That's how EAP-TLS works.
>
> If you want to reject the user, configure the server to look up the
> username in the DB, and reject if they're not found. Or, use TLS as it
> was intended to be used: revoke the client certificate.
>
> Alan DeKok.
--
*Esteban Talavera*
*Proyectos ITW C.A.*
Tel. +(58)212 7623035
+(58)212 7620504
Cel. +(58)412 2892006
Fax +(58)212 7615965
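
The revocation route suggested in the quoted reply, shown end to end as an added example (not part of the original thread, and not FreeRADIUS's own code): a throwaway CA issues a client certificate, the certificate verifies against an empty CRL, then fails once it is revoked and the CRL is regenerated. The CA name, the `laptop1` CN and all file names are constructed, and the `openssl` CLI is assumed to be installed; FreeRADIUS applies the same check only when CRL checking (`check_crl`) is enabled in its EAP TLS configuration.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA in a temp dir. "Demo CA" and "laptop1"
# are hypothetical names, not values from the thread.

# Echo "accept" or "reject" for laptop.pem, checked against CA and CRL.
verify_client() {
  if openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem laptop.pem 2>&1 |
      grep -q ': OK$'; then echo accept; else echo reject; fi
}

# Prints "<verdict before revocation> <verdict after revocation>".
crl_demo() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
unique_subject = no
policy = any
[ any ]
commonName = supplied
EOF
    {
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" -keyout ca.key -out ca.pem
      openssl req -newkey rsa:2048 -nodes -subj "/CN=laptop1" -keyout laptop.key -out laptop.csr
      openssl ca -batch -config ca.cnf -in laptop.csr -out laptop.pem
      openssl ca -config ca.cnf -gencrl -out crl.pem       # empty CRL
    } >/dev/null 2>&1
    before=$(verify_client)
    {
      openssl ca -config ca.cnf -revoke laptop.pem         # mark revoked
      openssl ca -config ca.cnf -gencrl -out crl.pem       # republish CRL
    } >/dev/null 2>&1
    echo "$before $(verify_client)"
  )
  rm -rf "$d"
}
```

Source the file and call `crl_demo`. A server that keeps using a stale CRL, or never checks one, will still accept the revoked certificate.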