user(name) and EAP-TLS

Klaus Klein k.klein at
Sat Aug 4 11:10:38 CEST 2012

Am 04.08.2012 03:15, schrieb Alan DeKok:
> Klaus Klein wrote:
>>>     Which uses certificates for authentication.
>> Correct.
>    Thanks for the vote of confidence.
You're welcome. :)

>    The point of my comment was that it DOESN"T use names&&  passwords for
> authentication.
I did understand this part.

Nevertheless, if I follow the documentation provided with freeradius (e.g. aaa.rst.gz) then authorization comes before authentication.

... an authorization module searches a database ... (/etc/freeradius/users ?)
--- if none of database records for this User-Name matches ... authorization will fail.

Therefore I'm a bit puzzled that if no matching entry in users is found that the authentication still takes place.

I think in that case the behavior contradicts the 'Request Processing' described in aaa.rst.gz


More information about the Freeradius-Users mailing list