Odp: Re: eap-tls with valid and fake certificates.
codythejack at o2.pl
Wed Jan 8 10:43:17 CET 2020
Hi ! Thanks for help. MM
Dnia 27 grudnia 2019 23:42 Matthew Newton <mcn at freeradius.org> napisał(a):
On Fri, 2019-12-27 at 17:47 +0100, codythejack wrote:
Hello ! The Idea is to authenticate users with eap-tls with
certficates. People without any certificate should use different vlan
provided by Radius. Only supported authentication should be eap-
tls. Is it possible to make authentication with eap-tls with
certficates for valid users and some "guest vlan" for users
which hasnt any or unknown certificates ?
It's not possible. If the device doesn't present a valid certificate,
it won't authenticate. You can't force an "Accept" with EAP methods.
You will need to use a different method to handle guest accounts. If
you want to use EAP-TLS only you will have to issue certificates to
List info/subscribe/unsubscribe? See www.freeradius.org www.freeradius.org
More information about the Freeradius-Users