Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Yeah, complex sql really can be quite slow, specially when the queries are being run multiple times for all the rounds required in eap authentication.
If you're using the TLS variants of EAP, you can do:
Except if you're using plain EAP-TLS where there's no inner tunnel IIRC? I have wondered where it might be sensible to fake a PAP request with the certificate details for EAP-TLS. This would provide (I think) quite a good way for people to do certificate checking and logging etc. User-Name = "theCN" User-Password = "theCN" FreeRADIUS-Cert-Subject = "cn=theCN,o=Foo,c=GB" FreeRadius-Cert-Issuer = "ou=ICT,o=Foo,c=GB" FreeRADIUS-SubjectAltName = "email:theCN@foo.co.uk" FreeRADIUS-SubjectAltName = "email:forname.surname@foo.co.uk" ..etc.