aland at deployingradius.com
Mon Mar 30 14:43:30 CEST 2015
On Mar 30, 2015, at 5:31 AM, Franks Andy (IT Technical Architecture Manager) <Andy.Franks at sath.nhs.uk> wrote:
> Using FR v3.1.0.

There is no version 3.1.0. I suggest using a released version.

> I was wondering if there is any way I could read a TLS client
> certificate field (probably MS specific) called "Certificate Template

No. The examples in sites-enabled/default describe which TLS fields are available. If the field isn’t listed, it’s not available.

> We have an M$ CA (for now), and one of the strings within
> this field contains the name of the certificate template, which I want
> to check, to make sure that people aren't making up their own cert
> templates and randomly giving wireless access to people in the wrong way
> (I have good reason).

Except all of that information is publicly available. You’re not really adding any security here.

> I presume I can't do what I'm trying to achieve? The obvious thing would
> be to stop other people issuing certs, but I may as well learn to code C
> properly and rewrite the module, it would be easier :-)

No. You should use a good CA design.

It’s not really clear what you’re doing or why. Perhaps talking about the *problem* could help. Right now, you’re asking why a particular solution doesn’t work. Well, if you’re not clear on the problem or on FreeRADIUS, the solution is likely to be wrong.