EAP-TLS: Different Certificates for different Called-Station-Id
Michael Griego
mgriego at utdallas.edu
Thu May 24 17:25:42 CEST 2007
You'll have to set up two instances of the EAP module. The first
instance will have the TLS submodule set up with the information for
Cert1.pem (and the appropriate key and CA cert). The second instance
will have its TLS submodule set with the info for Cert2.pem. It will
look something like this:
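
    modules {
        ...
        # first EAP instance: its TLS submodule presents Cert1.pem
        eap eap1 {
            ...
            tls {
                certificate_file = Cert1.pem
                ...
            }
        }
        # second EAP instance: its TLS submodule presents Cert2.pem
        eap eap2 {
            ...
            tls {
                certificate_file = Cert2.pem
                ...
            }
        }
    }
    authorize {
        ...
        eap1
    }
    authenticate {
        ...
        eap1
        eap2
    }
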
Then, this is one of the few instances where you'll need to manually
specify the Auth-Type in the users file, like this:

    DEFAULT Called-Station-ID = "00112233445566:SSID1", Auth-Type := eap1
    DEFAULT Called-Station-ID = "00112233445566:SSID2", Auth-Type := eap2

Or, better yet, use regexes (this should work):

    DEFAULT Called-Station-ID =~ ":SSID1$", Auth-Type := eap1

--Mike

On May 24, 2007, at 8:20 AM, Wolfgang Burger wrote:
> Hi,
>
> I've set up a freeRadius-Server (1.1.6) on OS X 10.3.9.
> I'm using it to authenticate my Wireless-LAN with 802.1X, EAP and self
> created certificates.
> Everything works well so far.
>
> Is there any possibility to select different certificate_files and
> private_key_files, depending on the Called-Station-ID of the request?
>
> Like:
> Called-Station-ID = "00112233445566:SSID1" -> Use Cert1.pem
> Called-Station-ID = "00112233445566:SSID2" -> Use Cert2.pem
>
> Thank you so much for any help.
>
>
> Kind Regards / Mit freundlichen Grüßen
>
>
> Wolfgang Burger <burgerw at immunbio.mpg.de>
>
> Max-Planck-Institut fuer Immunbiologie
> Scientific Data Processing Unit
> (+00 49) 761 / 5108 461
> Stuebeweg 51
> D-79108 Freiburg
> Germany
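
The selection logic described in the reply above, modelled as an added example (not part of the original message and not FreeRADIUS code): it runs sample Called-Station-Id values through the exact-match and regex entries to show which EAP instance, and therefore which certificate, each value would select. The SSID2 regex entry, the second MAC and the SSID10 value are constructed assumptions, and Python's `re` stands in for the server's regex matching.

```python
import re

# Check items modelled on the two users-file styles in the reply above,
# as (operator, pattern, Auth-Type). The SSID2 regex entry is an assumed
# counterpart to the SSID1 line; "=" is treated as an exact comparison.
EXACT_RULES = [
    ("=", "00112233445566:SSID1", "eap1"),
    ("=", "00112233445566:SSID2", "eap2"),
]
REGEX_RULES = [
    ("=~", r":SSID1$", "eap1"),
    ("=~", r":SSID2$", "eap2"),
]

# Constructed sample values: the page's own value, the same SSID on a
# second access point, and a look-alike SSID that must not select eap1.
SAMPLES = [
    "00112233445566:SSID1",
    "00AABBCCDDEEFF:SSID2",
    "00112233445566:SSID10",
]

def matches(op, pattern, value):
    """Evaluate one check item against a Called-Station-Id value."""
    if op == "=":
        return value == pattern
    if op == "=~":
        return re.search(pattern, value) is not None
    raise ValueError("unsupported operator: " + op)

def select_auth_type(rules, called_station_id):
    """First matching entry wins (no Fall-Through); None if nothing matches."""
    for op, pattern, auth_type in rules:
        if matches(op, pattern, called_station_id):
            return auth_type
    return None

def audit(rules, samples):
    """Map each sample value to the Auth-Type the rules would assign."""
    return {value: select_auth_type(rules, value) for value in samples}

if __name__ == "__main__":
    for name, rules in (("exact", EXACT_RULES), ("regex", REGEX_RULES)):
        for value, chosen in audit(rules, SAMPLES).items():
            print(f"{name:5} {value:24} -> {chosen or 'no Auth-Type set here'}")
```

A value that gets no Auth-Type here is not covered by either entry, so how it is handled depends on the rest of the server configuration.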