Users in SQL not accepted, AD works.

Alan DeKok aland at
Tue Jan 9 13:03:18 UTC 2024

On Jan 9, 2024, at 4:19 AM, it at wrote:
> Well, yes. That's my fault as I patched the changes into a production system (we do not yet have a testing environment) and if I let the server run for 30 more seconds, more clients will connect and flood the output.

  It's easy to set up a testing system.  Or, run the same server on a different port from the command line.

> Regarding the certificates: normal logins, i.e. those that use ntlm_auth, are possible - even with the same client, so I assumed them to be fine. I guess SQL-based logins require EAP-TLS then?


  The devices are doing EAP-TLS because they've been configured to do EAP-TLS.  The devices have no idea which database is configured for FreeRADIUS.

> My intention was to use the system's Let's Encrypt certificates which are used within the tls-eap-peap configuration and only use tls-eap-tls for certificate-based logins at some point, and didn't assume that changing the source of the passwords to SQL would change anything there.

  Configure the devices properly.  The wiki page I linked to explains this in detail.

  Alan DeKok.
