EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

Alexandros Gougousoudis gougousoudis-list at servicecenter-khs.de
Thu Oct 11 15:08:47 CEST 2012


Hi Alan,

thanks for your reply!

Alan DeKok wrote:
>> "host/" as a realm for our Radsecproxy, I'd like to change the
>> behaviour for the authentication via LAN and add a string to the
>> <hostname>
>>     
>
>   Don't.  You will break EAP.
>
>   

That's not clear. Why would that break EAP if the workstations are 
sending a different Login? It already does, depending on LAN or WLAN 
Logins. I don't mean some kind of rewrite or redirect inside of 
Freeradius. Using Linux I can send whatever I want as the loginname.

>   Find a better solution.  Change your rules so that you're keying off
> of the correct data, and doing that only when you want.
>   

I now have a more or less complicated regex rule in the radsecproxy, but 
I thought it's more elegant to unify both logins.  I thought of doing it in 
the profile-xml-file of the LAN connection in Win, but unfortunately 
it's not the right place for it. At least all official resources I can 
find from MS are not pointing out how to do that.



bye
 Alex


