Stephen Bowman wrote:
When using EAP-TLS as the only method in freeradius, is there a way to
define a list of allowed users, perhaps by the CN on their client
certificate?
Or the User-Name attribute, which should be the same as the client CN.
Alan DeKok.
--
http://deployingradius.com
Ok, so I put a list of usernames in the users file with an Auth-Type := EAP?
Right now, everyone with a valid client certificate is authenticated (nobody
is listed in the users file). Once I start enumerating them in the users
file, will it have an implicit deny all of everyone who isn't in
Stephen Bowman wrote:
Ok, so I put a list of usernames in the users file with an Auth-Type :=
EAP ?
No. Setting Auth-Type is almost always wrong. In this case, it will
do nothing.
Instead, put the good users into a group (see man rlm_passwd).
Then, reject everyone who isn't in that
When using EAP-TLS as the only method in freeradius, is there a way to
define a list of allowed users, perhaps by the CN on their client
certificate?
I want it so that not *everyone* who has a certificate signed by the CA list
can authenticate, but rather a select few (of which I know the CN of