user(name) and EAP-TLS
Alan DeKok
aland at deployingradius.com
Fri Aug 3 22:06:55 CEST 2012
Klaus Klein wrote:
> I'm working on securing the access to a WLAN network with
> WPA2-Enterprise, EAP-TLS and a FreeRADIUS server.
Which uses certificates for authentication.
> Everything seemed to work as expected until realized that a client will
> be authenticated (by eap) even if the user(name), provided with the
> mandatory "identifier" entry in wpa_supplicant.conf, doesn't exist in
> the users file.
That's how EAP-TLS works.
> To verify this I used the unedited 'default' users file provided with
> the FreeRADIUS package and the user/name 'FooBar'.
> Is that meant to be like this or do I miss something?
That's how EAP-TLS works.
Alan DeKok.
More information about the Freeradius-Users
mailing list