user(name) and EAP-TLS

Matthew Newton mcn4 at leicester.ac.uk
Sat Aug 4 12:57:51 CEST 2012


On Sat, Aug 04, 2012 at 11:10:38AM +0200, Klaus Klein wrote:
> Therefore I'm a bit puzzled that if no matching entry in users
> is found that the authentication still takes place.

Try one of:

 a) move files above eap in sites-enabled/default. This will mean
 that the eap short-circuit won't skip files. It will also mean
 that you hit files a lot more than before, which will have a
 performance impact (the scale of which depends on the number of
 auths, of course).

 b) use 3.0, and set a virtual_server for tls. You can then run
 files in that, and check attributes before accepting or
 otherwise.

 c) backport the tls virtual server patch to 2.x - it's pretty
 simple.

Cheers

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
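
An added illustration of options (a) and (b) from the reply above; it is not part of the original message and is not the project's shipped configuration. The module lists are abbreviated, and the server name check-eap-tls, the use of the files return code, and the users-file remark under (a) are assumptions made for the example.

```conf
# (a) FreeRADIUS 2.x, sites-enabled/default: list files before eap.
authorize {
    preprocess
    files               # moved up: now consulted on every packet of the EAP exchange
    eap {
        ok = return     # the short-circuit: on "ok" the rest of authorize is skipped
    }
    # ... remaining modules unchanged
}
# Assumption: for a missing entry to refuse the user, the users file itself
# must say so, e.g. a final "DEFAULT Auth-Type := Reject" entry.

# (b) FreeRADIUS 3.0, tls section of the eap module: pass the completed TLS
# session through a virtual server before it is accepted.
eap {
    tls {
        # ... certificate settings unchanged
        virtual_server = check-eap-tls
    }
}

# (b) the virtual server named above (name is an assumption)
server check-eap-tls {
    authorize {
        files
        if (ok) {
            # files matched an entry for this User-Name
            # (a DEFAULT entry in users would match everyone)
            update config {
                Auth-Type := Accept
            }
        }
        else {
            # no users entry: refuse although the certificate validated
            update config {
                Auth-Type := Reject
            }
        }
    }
}
```

With (b), files runs once per completed TLS handshake rather than on every round trip, which avoids the performance cost mentioned for (a).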


More information about the Freeradius-Users mailing list