Setting VLAN based on Certificate Issuer

Alan DeKok aland at
Thu Nov 20 16:33:31 CET 2008

Edgar Fuß wrote:
> I thought this was a FAQ but apparently it isn't.
> I have an 1.1.7 FreeRADIUS server up and running with EAP/TLS.
> Now, I would like to put clients into different VLANs based on who signed
> their certificate.
> Is there a way to set the Tunnel-Private-Group-Id attribute based on the
> certificate issuer? Is the Rlm_eap module able to export any information
> on the certificate chain?
> Switching to 2.1.1 wouldn't be a problem for me I suppose.

  This isn't supported right now.  There is no way to access the
certificate chain.

  There were some patches to enable some of this, but they haven't been
integrated into the server.

  Alan DeKok.

More information about the Freeradius-Users mailing list