LDAP authorize for both EAP-TLS and EAP-PEAP
David Hartburn
D.J.Hartburn at kent.ac.uk
Mon Jan 25 17:56:26 CET 2016
Sorry, this is the first chance I have had to come back to this.
No, we are not using that as the virtual server. I think ours was based
on the default and is doing EAP-TLS too.
Currently if the request comes from our wireless LAN controllers it puts
it into our local eduroam virtual server, to which I added EAP-TLS.
I'm struggling to find any documentation or examples on using the
check_eap_tls module. It is a case of putting something in our local
eduroam virtual server to punt TLS attempts off to this server? Where
would you put that without breaking the EAP-PEAP authentication?
David
On 18/12/15 11:41, Matthew Newton wrote:
> On Fri, Dec 18, 2015 at 11:12:52AM +0000, David Hartburn wrote:
>> We are using LDAP to check for group membership, so we need the lookup to do
>> that authorization.
>
> Are you using the check_eap_tls virtual server? It's designed to
> do just that for EAP-TLS.
>
> It gets called once at certificate verification time.
>
> Matthew
>
>
More information about the Freeradius-Users
mailing list