user(name) and EAP-TLS

Alan DeKok aland at
Fri Aug 3 22:06:55 CEST 2012

Klaus Klein wrote:
>  I'm working on securing the access to a WLAN network with
> WPA2-Enterprise, EAP-TLS and a FreeRADIUS server.

  Which uses certificates for authentication.

> Everything seemed to work as expected until realized that a client will
> be authenticated (by eap) even if the user(name), provided with the
> mandatory "identifier" entry in wpa_supplicant.conf, doesn't exist in
> the users file.

  That's how EAP-TLS works.

> To verify this I used the unedited 'default' users file provided with
> the FreeRADIUS package and the user/name 'FooBar'.
> Is that meant to be like this or do I miss something?

  That's how EAP-TLS works.

  Alan DeKok.

More information about the Freeradius-Users mailing list