Hello all, I am trying to implement CUI in EAP-TLS and I would like to get a handle on the CN of the client's certificate in my default. Basically I need to use the CN of the certificate, since there is no User-Name attribute in EAP-TLS. What module handles the TLS certificates' authentication? How can I get the CN in my post_auth and accounting stanzas in my default? On a similar note, why do we set the lastaccounting='0000-00-00 00:00:00',in the post_authquery in the cui.conf? Incidentally, if we need full IPv6 support the clientipaddress field in the cui table and the equivalent fields in radacct should be of length 39 and not 15. Cheers, Panos
Panagiotis Georgopoulos wrote:
I am trying to implement CUI in EAP-TLS and I would like to get a handle on the CN of the client’s certificate in my default. Basically I need to use the CN of the certificate, since there is no User-Name attribute in EAP-TLS.
Read raddb/sites-available/default. Look for TLS.
What module handles the TLS certificates’ authentication? How can I get the CN in my post_auth
See above.
and accounting stanzas in my default?
It's impossible.
On a similar note, why do we set the lastaccounting='0000-00-00 00:00:00',in the post_authquery in the cui.conf?
Because there was no accounting packet.
Incidentally, if we need full IPv6 support the clientipaddress field in the cui table and the equivalent fields in radacct should be of length 39 and not 15.
Sure. Send a patch. Alan DeKok.
I am trying to implement CUI in EAP-TLS and I would like to get a handle on the CN of the clients certificate in my default. Basically I need to use the CN of the certificate, since there is no User-Name attribute in EAP-TLS.
Read raddb/sites-available/default. Look for TLS.
I am following this rightly, the default leads me to eap and the eap has a tls stanza in it. Can you be a bit more specific as to how I get the CN in there? How do I know all the attributes/variables the server has at run time that I could use? Cheers, Panos
Panagiotis Georgopoulos wrote:
Read raddb/sites-available/default. Look for TLS.
I am following this rightly, the default leads me to eap and the eap has a tls stanza in it. Can you be a bit more specific as to how I get the CN in there?
I said: Read raddb/sites-available/default. Look for TLS. If you're not running a recent version, upgrade. Then... follow the instructions.
How do I know all the attributes/variables the server has at run time that I could use?
Read raddb/sites-available/default. Look for TLS. When I say something, I usually mean it. I don't mean anything else. Alan DeKok.
participants (2)
-
Alan DeKok -
Panagiotis Georgopoulos