"Adrian Carpenter" <[EMAIL PROTECTED]> wrote:
> The client certificate for bridge was created with openssl and issued to
> "Ethernet Bridge". What's odd here, is that with this certificate I'm able
> to log into the radius server with the username "Ethernet Bridge" (As typed
> into the login window in XP when logging into the network) even though that
> user doesn't exist in the configuration, how is this possible, is freeradius
> automatically allowing this user to login because the client certificate
> validates?
Yes. FreeRADIUS doesn't need a username to authenticate a request.
The various modules make that decision on their own. For EAP-TLS, if
the certificate validates, then that request is OK.

> Here's a line from the log, what's also odd here is that my firewall (sygate)
> appears to be mangling the name somewhat, so there's a load of junk after
> the name.
>
> Sat Feb 12 10:49:49 2005 : Auth: Login OK: [Ethernet
> Bridge\000\000\377\034SygateSecurityAgent\000\000\000\000\000\000\000\000]
> (from client WLAN port 0)

Hmm... that's not nice. The firewall shouldn't be doing that.

Alan DeKok.
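
Added example, not part of the original message and not FreeRADIUS code: a small Python check that reads "Login OK" lines in the format quoted above, decodes the \ooo escapes, and flags identities carrying non-printable bytes. The function names and the second sample line are constructed for illustration; the first sample is the log line from the message with its e-mail line wrapping undone.

```python
import re

# <timestamp> : Auth: Login OK: [<identity>] (from client <name> port <n>)
AUTH_RE = re.compile(
    r"^(?P<ts>.+?) : Auth: Login OK: \[(?P<ident>.*)\] "
    r"\(from client (?P<client>\S+) port \d+\)"
)
OCTAL_RE = re.compile(rb"\\([0-3][0-7]{2})")

def decode_identity(logged):
    """Turn the log's \\ooo octal escapes back into the raw identity bytes."""
    raw = logged.encode("latin-1", "replace")
    return OCTAL_RE.sub(lambda m: bytes([int(m.group(1), 8)]), raw)

def inspect_line(line):
    """Return a finding dict for a 'Login OK' line, or None if it is not one."""
    m = AUTH_RE.match(line.strip())
    if not m:
        return None
    raw = decode_identity(m.group("ident"))
    # Bytes outside printable ASCII are not something a user typed as a name.
    bad = sorted({b for b in raw if b < 0x20 or b > 0x7E})
    # The part before the first NUL is what a C-string consumer would see.
    visible = raw.split(b"\x00", 1)[0].decode("ascii", "replace")
    return {
        "client": m.group("client"),
        "visible_name": visible,
        "raw_len": len(raw),
        "bad_bytes": ["0x%02x" % b for b in bad],
        "suspicious": bool(bad),
    }

def scan(lines):
    """Findings for every accepted login whose identity contains binary junk."""
    hits = (inspect_line(l) for l in lines)
    return [h for h in hits if h and h["suspicious"]]

SAMPLE_LOG = [
    # From the message above (wrapped line rejoined).
    r"Sat Feb 12 10:49:49 2005 : Auth: Login OK: [Ethernet Bridge\000\000\377"
    r"\034SygateSecurityAgent\000\000\000\000\000\000\000\000] (from client WLAN port 0)",
    # Constructed: the same login without the trailing junk.
    "Sat Feb 12 10:50:02 2005 : Auth: Login OK: [Ethernet Bridge] (from client WLAN port 0)",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
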