3 Jul
2010
3 Jul
'10
4:34 a.m.
Riccardo Veraldi wrote:
Hello, is it possible in some way to use EAP-TLS X509 authentication together with LDAP authorization in freeradius2 ?
Yes. You can look the username up in LDAP, and reject the request if the user doesn't exist.
Actually freeradius2 allows EAP-TLS authentication, but if I wanted to extract the emailAddress or CN field from the X509 certificate and authorize it against my LDAP tree information to allow or disallow WiFi access, is it possible ??
Not really, no.
Or the only way to authorize a EAP-TLS X509 user is only thru freeradius2 users file ?
The limitation isn't the users file. It's that extracting the fields from the certificate is hard. Patches are welcome. Alan DeKok.