_Stefan_H wrote:
> Hello, due to a typing error I realized that there is a mistake in my
> configuration, the eap-tls is working fine but it doesn't matter what name
> is written in the certificate, ldap is returning not found but the user is
> always accepted. I looked at the ldap module for an identity check but I
> can't find it and setting access_attr = "uid" makes no difference.
>
> Please give me a hint where I have to look.

EAP-TLS does authentication by checking the certificate, not the user name. If you want the LDAP module to reject users who aren't in LDAP, edit raddb/sites-enabled/default, the "authorize" section. Change the line saying "ldap" to:

    ldap {
        notfound = reject
    }

Alan DeKok.
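
Added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of how the "authorize" section combines module return codes, showing why an LDAP "notfound" is ignored by default and what the override above changes. The default action table is assumed from the server's documented failover defaults; the module list and the return codes in it are constructed.

```python
# Simplified model (assumption): each return code maps to an action, which is
# either "return" (stop with that code), "reject" (stop with reject) or a
# numeric priority (keep going, the highest priority seen wins).
DEFAULT_ACTIONS = {
    "reject": "return", "fail": "return", "invalid": "return",
    "userlock": "return", "handled": "return",
    "notfound": 1, "noop": 2, "ok": 3, "updated": 4,
}

def run_section(modules):
    """modules: list of (name, rcode, overrides). Returns the section's rcode."""
    result, best = None, 0
    for _name, rcode, overrides in modules:
        action = {**DEFAULT_ACTIONS, **overrides}[rcode]
        if action == "return":
            return rcode
        if action == "reject":
            return "reject"
        if action >= best:          # numeric priority: highest wins
            result, best = rcode, action
    return result

def proceeds_to_authenticate(rcode):
    # These codes let the request continue to the authenticate section,
    # where EAP-TLS validates the certificate.
    return rcode in {"noop", "notfound", "ok", "updated"}

# Constructed request: the user name is not in LDAP, the certificate is valid.
AS_POSTED = [
    ("preprocess", "ok", {}),
    ("eap", "updated", {}),
    ("ldap", "notfound", {}),                        # priority 1, outvoted
]
WITH_OVERRIDE = [
    ("preprocess", "ok", {}),
    ("eap", "updated", {}),
    ("ldap", "notfound", {"notfound": "reject"}),    # ldap { notfound = reject }
]

if __name__ == "__main__":
    for label, section in (("as posted", AS_POSTED), ("with override", WITH_OVERRIDE)):
        rcode = run_section(section)
        print(f"{label}: authorize={rcode}, continues={proceeds_to_authenticate(rcode)}")
```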