Best way to deny users not matching any groups in the SQL DB
Alan DeKok
aland at deployingradius.com
Mon Feb 22 16:49:09 CET 2016
On Feb 22, 2016, at 10:46 AM, Sylvain Munaut <s.munaut at whatever-company.com> wrote:
>
>>> Well my use case is not that simple :)
>>> If you're issued a cert you can prove who you are. But then depending
>>> on who you proved you were, you're going to be granted / denied access
>>> to whatever you're requesting to access.
>>
>> That has *nothing to do with EAP-TLS*. You're again confusing two unrelated issues.
>
> Do you even read what I write ?
Carefully.
> Matthew wrote :
>
> "if you can present a valid certificate then you are permitted to connect."
>
> To which I responded :
>
> """
> If you're issued a cert you can prove who you are. But then depending
> on who you proved you were, you're going to be granted / denied access
> to whatever you're requesting to access.
> """
>
> WHERE in that am I mixing things up ?!?
*How* the user authenticated themselves is completely independent of *what* the user is allowed to do.
Alan DeKok.
More information about the Freeradius-Users
mailing list