Some help with the Users file
I want to make it so that users who use eap-peapv0 have to be in the wireless group to logon. I have this set in the users file: DEFAULT Called-Station-Id =~ "CCISD-REMC1", Group != "wireless", Auth-Type := Reject This works great buuut I have successfully setup eap-tls. What is the appropriate way to continue to limit users to be in the wireless group to connect? I have the common name of the certificate set to the users login so if a user logs in with the username "josh" then that is the common name of the certificate. Will Freeradius use this same username to check against the wireless group? I dont want to break eap-tls with the above DEFAULT statement. Any advice would be appreciated. Thanks for your time!!! -Josh
Josh Hiner wrote:
I want to make it so that users who use eap-peapv0 have to be in the wireless group to logon. I have this set in the users file: DEFAULT Called-Station-Id =~ "CCISD-REMC1", Group != "wireless", Auth-Type := Reject
This works great buuut I have successfully setup eap-tls. What is the appropriate way to continue to limit users to be in the wireless group to connect?
The above "users" file entry should be a good start.
I have the common name of the certificate set to the users login so if a user logs in with the username "josh" then that is the common name of the certificate. Will Freeradius use this same username to check against the wireless group?
It will use the User-Name in the Access-Request packet. Alan DeKok.
participants (2)
-
Alan DeKok -
Josh Hiner