On Mar 30, 2015, at 5:31 AM, Franks Andy (IT Technical Architecture Manager) <Andy.Franks@sath.nhs.uk> wrote:
Using FR v3.1.0.
There is no version 3.1.0. I suggest using a released version.
I was wondering if there is any way I could read a TLS client certificate field (probably MS specific) called "Certificate Template Information”.
No. The examples in sites-enabled/default describe which TLS fields are available. If the field isn’t listed, it’s not available.
We have an M$ CA (for now), and one of the strings within this field contains the name of the certificate template, which I want to check, to make sure that people aren't making up their own cert templates and randomly giving wireless access to people in the wrong way (I have good reason).
Except all of that information is publicly available. You’re not really adding any security here.
I presume I can't do what I'm trying to achieve? The obvious thing would be to stop other people issuing certs, but I may as well learn to code C properly and rewrite the module, it would be easier :-)
No. You should use a good CA design. It’s not really clear what you’re doing or why. Perhaps talking about the *problem* could help. Right now, you’re asking why a particular solution doesn’t work. Well, if you’re not clear on the problem or on FreeRADIUS, the solution is likely to be wrong. Alan DeKok.