28 Jun
2010
28 Jun
'10
7:33 a.m.
Edgar Fuß wrote:
Whein using EAP-TLS, is there any sane way of restricting the use of a CA Certificate to a subset of the possible identities? I.e., is it possible to configure a single FreeRADIUS 2 server to accept users @foo.my.domain only if their Certificates are signed with CA-Cert.foo and users @bar.my.domain only if theirs are signed with CA-Cert.bar?
Not really. You can configure 2 EAP modules, and have requests for different domains be handled by different modules. Alan DeKok.