TLS: assigning certificates to username

dump at dump at
Sat May 21 09:28:40 CEST 2016

Dear list,


> To my knowledge a TLS certificate will contain a username (a NAI) in
> TLS-Client-Cert-Common-Name.
> You can always check that if the TLS name does not match the username
> specified, you reject the request?


many thanks for the comments.

I activated `check_cert_cn' in eap.conf. Now users can't choose a login
name by their own and so bypass user specific regulations.


More information about the Freeradius-Users mailing list