Hi,
I have this user file:

TLS1         Cisco-AVPair == "ssid=VLAN3"
                Tunnel-Medium-Type = IEEE-802,
                Tunnel-Private-Group-Id = 3,
                Tunnel-Type = VLAN

TLS2         Cisco-AVPair == "ssid=cn-test"
                Tunnel-Medium-Type = IEEE-802,
                Tunnel-Private-Group-Id = 2,
                Tunnel-Type = VLAN

peap1 Cisco-AVPair == "ssid=VLAN3", User-Password == "ciao1"
                Tunnel-Medium-Type = IEEE-802,
                Tunnel-Private-Group-Id = 3,
                Tunnel-Type = VLAN

peap2       Cisco-AVPair == "ssid=cn-test", User-Password := "ciao2"
                Tunnel-Medium-Type = IEEE-802,
                Tunnel-Private-Group-Id = 2,
                Tunnel-Type = VLAN

DEFAULT   Auth-Type := Reject


TLS1 and TLS2 are used for EAP-TLS authentication with a certificate. I want TLS1 to be authenticated only with ssid=vlan3 and TLS2 only with ssid=cn-test. The same goes for the users peap1 and peap2, but there I have PEAP authentication with user and password.

Without the DEFAULT user at the bottom of the users file with auth-type:=reject, if I try to authenticate TLS1 with a bad ssid, my user is authenticated without the attribute, but I don't want this user to be authenticated in this case.
With the DEFAULT user everything works fine and the user is rejected.

The problem is how to set a default user if I want to use the SQL database. How can I do it? I need a default user that is matched only if the user asking for authentication isn't in the SQL database.

I tried with the DEFAULT user in the sql.conf file, but this is different because it is always the first user tested, and in my case I always get a rejected authentication.


Thanks a lot.
Bye Antonio
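
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of first-match processing in the users file, showing why a request with the wrong ssid is accepted without VLAN attributes unless a catch-all reject entry follows the per-user entries. Assumptions: one value per request attribute, no Fall-Through, and the EAP-TLS exchange itself succeeds; the function names are hypothetical.

```python
import re

# Constructed copy of the two EAP-TLS entries from the post.
USERS = '''
TLS1    Cisco-AVPair == "ssid=VLAN3"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 3,
        Tunnel-Type = VLAN

TLS2    Cisco-AVPair == "ssid=cn-test"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 2,
        Tunnel-Type = VLAN
'''
CATCH_ALL = '\nDEFAULT Auth-Type := Reject\n'
ITEM = re.compile(r'([\w-]+)\s*(==|:=|=)\s*("[^"]*"|[^,\s]+)')

def items(s):
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(s)]

def parse(text):
    """Return [(name, check_items, reply_items)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():              # indented line: reply items
            entries[-1][2].extend(items(line))
        else:                              # header: name, then check items
            name, rest = line.split(None, 1)
            entries.append((name, items(rest), []))
    return entries

def authorize(entries, user, request):
    """First entry whose name and '==' checks match wins (model only)."""
    for name, checks, reply in entries:
        if name not in (user, 'DEFAULT'):
            continue
        if any(op == '==' and request.get(a) != v for a, op, v in checks):
            continue                       # a comparison failed: try next entry
        control = {a: v for a, op, v in checks if op == ':='}
        return control, {a: v for a, _, v in reply}
    return {}, {}                          # nothing matched: nothing is set

def outcome(entries, user, request):
    control, reply = authorize(entries, user, request)
    # Assumption: the certificate is valid, so only Auth-Type can stop it.
    if control.get('Auth-Type') == 'Reject':
        return 'Access-Reject', {}
    return 'Access-Accept', reply
```
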