Thanks John for the reply.
can I use EAP-TLS method of authentication with LDAP as backend datastore to check usernames and passwords.
It would be like I bind to RADIUS server with EAP-TLS method using certificate and check usernames and passwords from LDAP server
if yes on EAP-TLS can you please tell me how to configure EAP-TLS with LDAP as backend datastore.
Basically I want to avoid harcoded usernames and passwords in raddb of RADIUS server for authenticating users which I am doing currently .
ldap {
server = "localhost"
# identity = "cn=admin,o=My Org,c=UA"
identity = "uid=admin,ou=CamUsers,dc=vmbox,dc=int"
password = admin
basedn = "ou=CamUsers,dc=vmbox,dc=int"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
# base_filter = "(objectclass=radiusprofile)"
# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
# The StartTLS operation is supposed to be used with normal
# ldap connections instead of using ldaps (port 689) connections
start_tls = yes
# tls_cacertfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/cacert.pem
# tls_cacertdir = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts
# tls_certfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem
# tls_keyfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem
# tls_randfile = /path/to/rnd
tls_require_cert = "allow"
Waiting for your inputs
Thanks and Regards,
Pramod