eap-tls with valid and fake certificates.
Matthew Newton
mcn at freeradius.org
Fri Dec 27 23:41:43 CET 2019
On Fri, 2019-12-27 at 17:47 +0100, codythejack wrote:
> Hello ! The Idea is to authenticate users with eap-tls with
> certficates. People without any certificate should use different vlan
> provided by Radius. Only supported authentication should be eap-
> tls. Is it possible to make authentication with eap-tls with
> certficates for valid users and some "guest vlan" for users
> which hasnt any or unknown certificates ?
It's not possible. If the device doesn't present a valid certificate,
it won't authenticate. You can't force an "Accept" with EAP methods.
You will need to use a different method to handle guest accounts. If
you want to use EAP-TLS only you will have to issue certificates to
everyone.
--
Matthew
More information about the Freeradius-Users
mailing list