Wireless network: WindowsXP supplicant, EAP-TLS and computer certificates.

Lev A. Serebryakov lev at serebryakov.spb.ru
Fri May 12 12:38:09 CEST 2006

   I try to use FreeRADIUS for building 801.1X EAP-TLS authorization. I 
want to use only computer certificates (not user ones) on WinXP. such 
certificates contains FQDN of client in `commonName' field.

   But WinXP/SP2 sent `User-Name' in such case as `host/FQDN'. And 
checking of commonName fails.

   How can re-map such `User-Names'? I've tried to create realm with 
LOCAL mapping, but it doesn't help much :(

   It seems, that eap-tls `xlat' user-name before check, but xlat is not 
well-documented :(

// Lev Serebryakov

More information about the Freeradius-Users mailing list