Hi,
I still haven't figured this one out, and would really appreciate some
help. I've tried playing around with the DEFAULT profile in the users
file, giving it Auth-Type: Reject, but certificates with CN not in the
database are still authenticated. How do I get freeradius to check for
the username in mysql with EAP-TLS?
Cheers, Ben
Ben Dowling wrote:
Hi,
I have freeradius-1.04 configured with MySQL using EAP-TLS and PEAP
for authentication. I wish to reject users whose common name (CN) is
not included in the MySQL database. I have read the thread regarding
this exact problem at:
http://lists.cistron.nl/pipermail/freeradius-users/2004-May/032110.html
and it seems I need to set the DEFAULT profile to reject. I don't
quite understand the thread though, is this the DEFAULT profile in the
users file, or can I configure this in MySQL. Either way, could
someone please provide me with an example of what the DEFAULT profile
entry should look like in order to achieve this?
Thanks for the help,
Ben Dowling
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html