Freeradius+MySql+EAP_TLS: authentication without MySQl Entry [SOLVED]

Esteban TALAVERA etalaveran at gmail.com
Wed Oct 20 15:53:59 CEST 2010


On Wed, Oct 20, 2010 at 9:22 AM, Esteban TALAVERA <etalaveran at gmail.com>wrote:

> Thanks!
>
>
> On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok <aland at deployingradius.com>wrote:
>
>> Esteban TALAVERA wrote:
>> > My freeradius + MySQL + EAP_TLS is working, but I have a problem.
>> >
>> > I assumed that without an entry in MySQl database, the client can not
>> > authenticate,
>>
>>   That's not how EAP-TLS works.
>>
>> > but I forgot to create one user's database entry and the
>> > laptop was able to join the network.
>> >
>> > It is possible a client authentication without a database entry, just
>> > with the certificates
>>
>>   That's how EAP-TLS works.
>>
>>  If you want to reject the user, configure the server to look up the
>> username in the DB, and reject if they're not found.  Or, use TLS as it
>> was intended to be used: revoke the client certificate.
>>
>>  Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>
> --
>
> *Esteban Talavera*
>
> *
> *
>
> *Proyectos ITW C.A.
>
> *
>
> Tel.    +(58)212 7623035
>
> +(58)212 7620504
>
> Cel. +(58)412 2892006
>
> Fax       +(58)212 7615965
>
>
>
>


-- 

*Esteban Talavera*

*
*

*Proyectos ITW C.A.

*

Tel.    +(58)212 7623035

+(58)212 7620504

Cel. +(58)412 2892006

Fax       +(58)212 7615965
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101020/0893df43/attachment.html>


More information about the Freeradius-Users mailing list