TLS: assigning certificates to username

dump at dump at
Thu May 5 00:14:59 CEST 2016

Dear list.

I'm running freeradius 2.2.5 on Debian jessie.

The system is configured to work in TLS and TTLS mode in parallel and
almost everything is running as expected.

One thing is: in TLS mode the dial-in user has to choose certificates
and a username. My problem now is that the username can be chosen
freely, as the username sent by the dial-in client is written only into
the postauth and acct tables. Due to this, the user is able to bypass any
user-specific regulations.

I'm sure it is already documented how to assign certificates to a
dedicated username, but so far I didn't find it.

Maybe somebody can give me a hint where to look?

Many thanks in advance and
best regards
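
One way to bind the username sent by the client to the certificate it presents, as an added example that is not part of the original post: the `check_cert_cn` option in the `tls` section of the stock FreeRADIUS 2.x `eap.conf`. It assumes every client certificate is issued with its CN set to the account name.

```conf
# eap.conf (FreeRADIUS 2.x), tls section of the eap module.
# Only the relevant option is shown; all other tls settings stay as they are.
# Assumption: each client certificate carries CN = account name.
eap {
	tls {
		# Before: option left commented out, as in the stock file.
		# Any certificate from the trusted CA is accepted together with
		# any User-Name, so policy keyed on User-Name can be sidestepped.
		#check_cert_cn = %{User-Name}

		# After: the value is expanded for each request and compared with
		# the CN of the presented client certificate. On a mismatch the
		# certificate verification fails and the user is rejected.
		check_cert_cn = %{User-Name}
	}
}
```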

