On Sat, Aug 04, 2012 at 11:10:38AM +0200, Klaus Klein wrote: > Therefore I'm a bit puzzled that if no matching entry in users > is found that the authentication still takes place.
Try one of: a) move files above eap in sites-enabled/default. This will mean that the eap short-circuit won't skip files. It will also mean that you hit files a lot more than before, which will have a performance impact (the scale of which depends on the number of auths, of course). b) use 3.0, and set a virtual_server for tls. You can then run files in that, and check attributes before accepting or otherwise. c) backport the tls virtual server patch to 2.x - it's pretty simple. Cheers Matthew -- Matthew Newton, Ph.D. <m...@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html