But how to store attributes to database? Is there any universal way to write some "logs" to database the way I want? Ex, I want to write Calling Station ID and Certificate thumbprint to database in post-auth, and read it back in auth or pre-auth to check. On 2024-11-10 15:13, Alan DeKok wrote:
On Nov 9, 2024, at 8:23 PM, Rodrigo Prieto <rodrigoprieto2019@gmail.com> wrote:
Hello, I need to configure that if a client's certificate is in use, it cannot be used by another. I was looking at some examples on the web but it didn't work for me. If you can guide me, I appreciate it. First, define "who is using it", and "another system is using it". Once you know that information, the answer is relatively simple.
This usually means *reading* the debug output. Think ab out what's there. How does the RADIUS server "know" that the certificate is used by machine A versus machine B?
The answer is: by what's in the RADIUS packet. It's that simple. And, the information is in front of you... just read the debug output.
In general, if you want to tie a certificate to a machine, you track the MAC address (Calling-Station-ID) against the certificate. This tracking is done in a database.
Which database? Whatever one you're using, or you want to use.
How to track it? Write policies to look up the Calling-Station-Id and certificate details in the database.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html