radius x509 authentication + LDAP ? [SEC=UNCLASSIFIED]

Alan DeKok aland at deployingradius.com
Sun May 25 17:05:27 CEST 2008


Riccardo Veraldi wrote:
> Not all the people having a certificate should authenticate on my WiFi
> infrastructure.
> These certificates are for general purpose, so also for EAP-TLS,

  Then your PKI system is wrong.  You should NOT issue certificates for
multiple purposes.

  You should issue RADIUS (EAP-TLS) certificates ONLY to the people who
are allowed to use EAP-TLS.

> but some user in my case should not be authenticated.
> To select which are the users to be authenticated and which are not,
> I wanted to use LDAP properties. If a user is in the LDAP directory
> it should pass, if it is not, it should be refused, but at the end, I am
> unable to do it.

  Did you read my statement about using LDAP groups?  Do you know what
an LDAP group is?

  Alan DeKok.



More information about the Freeradius-Users mailing list