[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: eap-tls with valid and fake certificates.
From: Matthew Newton <mcn () freeradius ! org>
Date: 2019-12-27 22:41:43
Message-ID: 576ed1fc71b4b63f33f9e1f8751685dabe3527a6.camel () freeradius ! org
[Download RAW message or body]
On Fri, 2019-12-27 at 17:47 +0100, codythejack wrote:
> Hello ! The Idea is to authenticate users with eap-tls with
> certficates. People without any certificate should use different vlan
> provided by Radius. Only supported authentication should be eap-
> tls. Is it possible to make authentication with eap-tls with
> certficates for valid users and some "guest vlan" for users
> which hasnt any or unknown certificates ?
It's not possible. If the device doesn't present a valid certificate,
it won't authenticate. You can't force an "Accept" with EAP methods.
You will need to use a different method to handle guest accounts. If
you want to use EAP-TLS only you will have to issue certificates to
everyone.
--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic