EAP-TLS and user name
Sven_Menschner at drewag.de
Sven_Menschner at drewag.de
Fri Jul 25 13:25:30 CEST 2014
Hi,
we have setup a freeradius server for WLAN authentication. We have
deployed a PKI to use EAP-TLS and everything runs fine so far.
But I am wondering if the user name provided by the supplicant is used by
freeradius at all when using this authentication method.
I have tested these scenarios:
1. no entry in users file [files] module
returns noop supplicant is authenticated via EAP
2. added plain user name to users file [files] module matches
user and returns OK supplicant is authenticated via EAP
3. added user name with "Auth-Type := EAP" [files] module returns
noop supplicant is authenticated via EAP
If I provide a wrong user name in the supplicant configuration (it doesn't
match the user name in client certificate), authentication still works.
So is it checked at all? If so, does that imply that everyone is able get
authenticated as soon as he gets the client certificate, even if he
doesn't know the users identity?
So some explanation about the relation between EAP-TLS and the user store
would be great...
Many thanks in advance.
Best Regards,
Sven Menschner
-------------------------------------------------------------------------
DREWAG - Stadtwerke Dresden GmbH
Sitz der Gesellschaft: Dresden
Geschäftsführer: Reiner Zieschank (Sprecher), Dr. Reinhard Richter
Vorsitzende des Aufsichtsrates: Helma Orosz, Oberbürgermeisterin
Registergericht: Amtsgericht Dresden HRB 2626
-------------------------------------------------------------------------
DREWAG - das heißt für Sie: sehr guter Service und ein faires
Preis-Leistungs-Verhältnis!
2013 wurde die DREWAG wiederholt vom Wirtschaftsmagazin FOCUS-Money
als einer der fairsten Stromversorger Deutschlands ausgezeichnet.
More information about the Freeradius-Users
mailing list