Freeradius+MySql+EAP_TLS: authentication without MySQl Entry

Esteban TALAVERA etalaveran at gmail.com
Wed Oct 20 15:52:57 CEST 2010


Thanks!


On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok <aland at deployingradius.com>wrote:

> Esteban TALAVERA wrote:
> > My freeradius + MySQL + EAP_TLS is working, but I have a problem.
> >
> > I assumed that without an entry in MySQl database, the client can not
> > authenticate,
>
>   That's not how EAP-TLS works.
>
> > but I forgot to create one user's database entry and the
> > laptop was able to join the network.
> >
> > It is possible a client authentication without a database entry, just
> > with the certificates
>
>   That's how EAP-TLS works.
>
>  If you want to reject the user, configure the server to look up the
> username in the DB, and reject if they're not found.  Or, use TLS as it
> was intended to be used: revoke the client certificate.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 

*Esteban Talavera*

*
*

*Proyectos ITW C.A.

*

Tel.    +(58)212 7623035

+(58)212 7620504

Cel. +(58)412 2892006

Fax       +(58)212 7615965
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101020/7f9a2b12/attachment.html>


More information about the Freeradius-Users mailing list