Freeradius and client certificate support
minfrin at sharp.fm
Mon Aug 30 03:51:12 CEST 2010
I would like to configure an access point to accept client
certificates only, with no usernames and passwords.
As I understand, what I am looking for is EAP-TLS, and I have
attempted to configure it against a MikroTik RouterBoard. I see the
RADIUS packet entering the server, with the User-Name set to the MAC
address of the incoming client (MikroTik default behaviour).
My next step is to suitably configure freeradius to accept the login
based on the attributes within the client certificate, and to accept
any User-Name; however, I can find no documentation on how to do this.
Ideally, I would like the effective freeradius login name to be the DN
of the client certificate.
Does anyone know whether this is possible, and if so, what I need to
tell freeradius to make this happen?
I am using freeradius-1.1.3-1.5.el5_4 (on an RHEL5 system).