Klaus Klein wrote: >> Which uses certificates for authentication. > Correct.
Thanks for the vote of confidence. The point of my comment was that it DOESN"T use names && passwords for authentication. > Is it then correct that the 'check_cert_cn' option in eap.conf is the > only way to prevent anyone on the client side to tamper with the > identity entry, and thereby avoiding restrictions (e.g. Login-Time) for > that client? That's what check_cert_cn is for. This is documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html