user(name) and EAP-TLS

Klaus Klein k.klein at
Sat Aug 4 16:13:31 CEST 2012

Am 04.08.2012 12:57, schrieb Matthew Newton:
> On Sat, Aug 04, 2012 at 11:10:38AM +0200, Klaus Klein wrote:
>> Therefore I'm a bit puzzled that if no matching entry in users
>> is found that the authentication still takes place.
> Try one of:
>   a) move files above eap in sites-enabled/default. This will mean
>   that the eap short-circuit won't skip files. It will also mean
>   that you hit files a lot more than before, which will have a
>   performance impact (the scale of which depends on the number of
>   auths, of course).
>   b) use 3.0, and set a virtual_server for tls. You can then run
>   files in that, and check attributes before accepting or
>   otherwise.
>   c) backport the tls virtual server patch to 2.x - it's pretty
>   simple.

Thanks for your suggestions. I guess I'll try them in the order a, c, b.

But maybe I should have been a bit more precise in my first email.
The final (first) productive installation should protect the access to my private WLAN with 3+ APs and 10+ clients.
So the performance impact in suggestion a) will be limited. ;-)

Currently I have set up a test environment to try and learn and, as a side effect to a more secure WLAN, a more detailed understanding of how (free)RADIUS works.


More information about the Freeradius-Users mailing list