Freeradius+MySql+EAP_TLS: authentication without MySQl Entry [SOLVED]
Esteban TALAVERA
etalaveran at gmail.com
Wed Oct 20 15:53:59 CEST 2010
On Wed, Oct 20, 2010 at 9:22 AM, Esteban TALAVERA <etalaveran at gmail.com>wrote:
> Thanks!
>
>
> On Wed, Oct 20, 2010 at 9:19 AM, Alan DeKok <aland at deployingradius.com>wrote:
>
>> Esteban TALAVERA wrote:
>> > My freeradius + MySQL + EAP_TLS is working, but I have a problem.
>> >
>> > I assumed that without an entry in MySQl database, the client can not
>> > authenticate,
>>
>> That's not how EAP-TLS works.
>>
>> > but I forgot to create one user's database entry and the
>> > laptop was able to join the network.
>> >
>> > It is possible a client authentication without a database entry, just
>> > with the certificates
>>
>> That's how EAP-TLS works.
>>
>> If you want to reject the user, configure the server to look up the
>> username in the DB, and reject if they're not found. Or, use TLS as it
>> was intended to be used: revoke the client certificate.
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>
> --
>
> *Esteban Talavera*
>
> *
> *
>
> *Proyectos ITW C.A.
>
> *
>
> Tel. +(58)212 7623035
>
> +(58)212 7620504
>
> Cel. +(58)412 2892006
>
> Fax +(58)212 7615965
>
>
>
>
--
*Esteban Talavera*
*
*
*Proyectos ITW C.A.
*
Tel. +(58)212 7623035
+(58)212 7620504
Cel. +(58)412 2892006
Fax +(58)212 7615965
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101020/0893df43/attachment.html>
More information about the Freeradius-Users
mailing list