EAP-TLS - About username sent by supplicant

OLIVER Patrice patrice.oliver at ch-beaune.fr
Fri Dec 14 09:01:15 CET 2007


I use EAP-TLS to authenticate the computers on my wlan.

As the supplicants run on Windows XP, I had to store the certificates in the 'local computer' and 'user
account' stores and create the register key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global\AuthMode with the value '1' (dword).

You may ask me why. The reason is simple. Certificates stored in 'local computer' are used at boot time
and certiticates store in 'user account' and used at login time. The value of the register key tells
Windows to authenticate at boot time and after login time. So, if the WIFI card is removed and
inserted, the authentication works fine. :)

My question deals with the username sent by the supplicant when the authentication goes on. At boot
time, the username sent is : host/user_name. After the login, the username sent is : user_name. So, I
have to create 2 users. I want to cut 'host/' to make this task easier. It is possible ? How do I do this ?


Patrice OLIVER
Chef du Projet Ville Hôpital
Responsable Réseaux & Sécurité
Service Informatique
BP 104

Tél. 33 3 80 24 44 09
Fax  33 3 80 24 45 90

More information about the Freeradius-Users mailing list