Hi, for a SSID wireless network I'm trying, without success, to proxy EAP-TLS auth (based on certificate's CN) to specific Windows RADIUS that are members of two domain on AD. For example what I want to obtain is that: - EAP-TLS of client A, member of domain X, is proxied by Freeradius to RADIUS/AD of that domain - EAP-TLS of client B, member of domain Y, is proxied by Freeradius to RADIUS/AD of that domain - EAP-TLS of client C, member of any domain, is managed by file user I've obtained a similar setup for EAP-TTLS using this configuration in inner-tunnel authorize section: if ("%{Called-Station-Id}" =~ /:SSID_S$/ ) { if ("%{User-Name}" =~ /@domainx.com$/ || "%{User-Name}" =~ /\. domainx.com$/ || "%{User-Name}" =~ /^DOMAINX\\\\/ ) { update control { Proxy-To-Realm := 'AD_DOMAINX' } } } Is it possible to obtain this setup with EAP-TLS? How? Thanks -- Davide Belloni http://about.me/davidebelloni http://www.linkedin.com/in/davidebelloni