Best way to deny users not matching any groups in the SQL DB

Sylvain Munaut s.munaut at whatever-company.com
Mon Feb 22 16:53:49 CET 2016


On Mon, Feb 22, 2016 at 4:49 PM, Alan DeKok <aland at deployingradius.com> wrote:
> On Feb 22, 2016, at 10:46 AM, Sylvain Munaut <s.munaut at whatever-company.com> wrote:
>>
>>>> Well my use case is not that simple :)
>>>> If you're issued a cert you can prove who you are. But then depending
>>>> on who you proved you were, you're going to be granted / denied access
>>>> to whatever you're requesting to access.
>>>
>>>  That has *nothing to do with EAP-TLS*.  You're again confusing two unrelated issues.
>>
>> Do you even read what I write ?
>
>   Carefully.
>
>> Matthew wrote :
>>
>>   "if you can present a valid certificate then you are permitted to connect."
>>
>> To which I responded :
>>
>> """
>> If you're issued a cert you can prove who you are. But then depending
>> on who you proved you were, you're going to be granted / denied access
>> to whatever you're requesting to access.
>> """
>>
>> WHERE in that am I mixing things up ?!?
>
>   *How* the user authenticated themselves is completely independent of *what* the user is allowed to do.

!?!

And where exactly in my statement do I say anything that contradicts that ?


Cheers,

    Sylvain


More information about the Freeradius-Users mailing list