suggestions for multiple vlans in hundreds of switches
Phil Mayers
p.mayers at imperial.ac.uk
Sat Apr 21 14:56:52 CEST 2007
Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>
>> Yeah, complex sql really can be quite slow, specially when the queries
>> are being run multiple times for all the rounds required in eap
>> authentication.
>
> If you're using the TLS variants of EAP, you can do:
Except if you're using plain EAP-TLS where there's no inner tunnel IIRC?
I have wondered where it might be sensible to fake a PAP request with
the certificate details for EAP-TLS. This would provide (I think) quite
a good way for people to do certificate checking and logging etc.
User-Name = "theCN"
User-Password = "theCN"
FreeRADIUS-Cert-Subject = "cn=theCN,o=Foo,c=GB"
FreeRadius-Cert-Issuer = "ou=ICT,o=Foo,c=GB"
FreeRADIUS-SubjectAltName = "email:theCN at foo.co.uk"
FreeRADIUS-SubjectAltName = "email:forname.surname at foo.co.uk"
..etc.
More information about the Freeradius-Users
mailing list