user(name) and EAP-TLS

Matthew Newton mcn4 at
Sat Aug 4 12:57:51 CEST 2012

On Sat, Aug 04, 2012 at 11:10:38AM +0200, Klaus Klein wrote:
> Therefore I'm a bit puzzled that if no matching entry in users
> is found that the authentication still takes place.

Try one of:

 a) move files above eap in sites-enabled/default. This will mean
 that the eap short-circuit won't skip files. It will also mean
 that you hit files a lot more than before, which will have a
 performance impact (the scale of which depends on the number of
 auths, of course).

 b) use 3.0, and set a virtual_server for tls. You can then run
 files in that, and check attributes before accepting or

 c) backport the tls virtual server patch to 2.x - it's pretty



Matthew Newton, Ph.D. <mcn4 at>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list