eap/tls and central users file

Norbert Wegener nw at sbs.de
Mon Oct 17 14:45:00 CEST 2005


We use freeradius for eap/tls authentication, where freeradius accepts 
every certificate from a certain ca, as long as it is not revoked.
For this only a minimal users file is necessary to assign some 
attributes to users via a DEFAULT entry.
This works so far without problems.

If we want to allow only certificates with well known CNs to be 
accepted, we would have to add them to the users file and add a DEFAULT 
with type reject.

Would it be possible that fr only validates the certificates and 
proxies the CN as username to a central fr that has the complete user db?
If so, how could it be achieved?

Norbert Wegener







