Hi, a newbie question before I start setting up Freeradius with EAP-TLS. Is it possible to configure Freeradius to make a double check when it receives an authentication request? I'd like it not only to check if the client certificate is valid but also if the user is in a DB "authorized_users" table. Thank you very much for your indications, Stefano
On 20 Mar 2015, at 18:07, Stefano Zanmarchi <zanmarchi@gmail.com> wrote:
Hi, a newbie question before I start setting up Freeradius with EAP-TLS. Is it possible to configure Freeradius to make a double check when it receives an authentication request? I'd like it not only to check if the client certificate is valid but also if the user is in a DB "authorized_users" table. Thank you very much for your indications,
Yes. Various fields in the certs are exposed as attributes which you can perform additional checks on. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
On Fri, Mar 20, 2015 at 11:10 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On 20 Mar 2015, at 18:07, Stefano Zanmarchi <zanmarchi@gmail.com> wrote:
Hi, a newbie question before I start setting up Freeradius with EAP-TLS. Is it possible to configure Freeradius to make a double check when it receives an authentication request? I'd like it not only to check if the client certificate is valid but also if the user is in a DB "authorized_users" table. Thank you very much for your indications,
Yes. Various fields in the certs are exposed as attributes which you can perform additional checks on.
I'd say that you can combine the check for the certificate and then add an if check if the user has a specific DB key that authorizes him/her to enter the network. I hope I understood it correctly. Alex
participants (3)
-
Alex Zetaeffesse -
Arran Cudbard-Bell -
Stefano Zanmarchi