802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs

Matthew Newton mcn4 at leicester.ac.uk
Thu Mar 22 17:52:00 CET 2012


Hi,

On Thu, Mar 22, 2012 at 04:27:14PM +0100, PENZ Robert wrote:
> But how do I execute the SQL authorize_reply_query query after I
> did an EAP authentication? I don't do that currently in
> post-auth. I just have the sql module activated in authorize.

Sorry, can't help here. I've never done any SQL in FreeRADIUS.

But my previous comments apply. You can set any VLANs based on
calling-station-id or other normal attributes in authorize or
post-auth, but if you want to set VLANs based on the certificate
subject special attributes, you'll need to upgrade to 2.1.12 and
do it in post-auth.

When 3.x arrives, there is a new feature that lets you do it in an
eap-tls virtual server authorize section, but that's not available
yet. Still, there should be no need for that unless you want to
reject connections based on TLS certificate data, rather than just
set the VLAN.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
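
An added illustration of the post-auth approach described in this message, not configuration posted by anyone in the thread: an unlang fragment for FreeRADIUS 2.1.12 or later that picks the VLAN from the client certificate. The domain names and VLAN IDs are constructed placeholders, and it assumes the certificate CN carries a hostname that your CA controls.

```unlang
# Added example. Goes in the post-auth section of the virtual server that
# handles the EAP-TLS request. Hostname patterns and VLAN IDs below are
# constructed placeholders; replace them with your own.
post-auth {
	# MAC-auth requests carry no client certificate, so leave whatever
	# VLAN the earlier sections assigned to them untouched.
	if (TLS-Client-Cert-Common-Name) {

		# Anchor the pattern at both ends so a CN that merely contains
		# the staff domain somewhere in the string does not match.
		if ("%{TLS-Client-Cert-Common-Name}" =~ /^[a-z0-9-]+[.]staff[.]example[.]org$/) {
			update reply {
				Tunnel-Type := VLAN
				Tunnel-Medium-Type := IEEE-802
				Tunnel-Private-Group-Id := "20"
			}
		}
		elsif ("%{TLS-Client-Cert-Common-Name}" =~ /^[a-z0-9-]+[.]lab[.]example[.]org$/) {
			update reply {
				Tunnel-Type := VLAN
				Tunnel-Medium-Type := IEEE-802
				Tunnel-Private-Group-Id := "30"
			}
		}
		else {
			# Valid certificate, unrecognised name: place the device
			# in a restricted VLAN instead of the switch port default.
			update reply {
				Tunnel-Type := VLAN
				Tunnel-Medium-Type := IEEE-802
				Tunnel-Private-Group-Id := "999"
			}
		}
	}
}
```

The VLAN decision is only as trustworthy as the CA's issuance policy for the matched field, so match on a field that requesters cannot choose freely.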

