user(name) and EAP-TLS

Alan DeKok aland at deployingradius.com
Sat Aug 4 18:48:00 CEST 2012


Klaus Klein wrote:
> Also
> ... an authorization module searches a database ...
> (/etc/freeradius/users ?)
> --- if none of database records for this User-Name matches ...
> authorization will fail.
> 
> Therefore I'm a bit puzzled that if no matching entry in users is found
> that the authentication still takes place.

  Because if you read the raddb/sites-available/default, the "eap"
module is run during authorization.

> I think in that case the behavior contradicts the 'Request Processing'
> described in aaa.rst.gz

  No.

  Alan DeKok.


More information about the Freeradius-Users mailing list