doubt about EAP/TLS mechanism
Hi, Using EAP/TLS authentication, I noticed that even if the user doesn't exist int the users file, theEAP/TLS authentication still proceeds and the key exchange still occur, access accept is also sent together with MS-MPPE-Recv-Key and MS-MPPE-Send-Key. rlm_realm: No '@' in User-Name = "lara", looking up realm NULLrlm_realm: No such realm "NULL"modcall[authorize]: module "suffix" returns noop for request 3modcall[authorize]: module "files" returns notfound for request 3 -- user lara not found Is there any impact of this on the authentication process ? What's the purpose of checking users file in the EAP/TLS authentication ? Regards, Lara La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit- Guy de Maupassant - Do you Yahoo!?vote.yahoo.com - Register online to vote today!
Re: doubt about EAP/TLS mechanism
Lara Adianto [EMAIL PROTECTED] wrote: Using EAP/TLS authentication, I noticed that even if the user doesn't exist int the users file, the EAP/TLS authentication still proceeds and the key exchange still occur, access accept is also sent together with MS-MPPE-Recv-Key and MS-MPPE-Send-Key. Yes, because you defined the user in another database. There's nothing magic about the users file. It's just one of many databases the server uses to look for users. modcall[authorize]: module files returns notfound for request 3 -- user lara not found Is there any impact of this on the authentication process ? If the user can log in, obviously not. What's the purpose of checking users file in the EAP/TLS authentication ? So you can configure check reply attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html