Problems using EAP-TLS with freeradius version 2

Sebastian Heil s3b0 at gmx.de
Wed Feb 6 10:58:00 CET 2008


> For using EAP-TLS with the Windows Mobile devices I still have to solve
> one
> problem, which I think would be no problem for you, the problem with the
> username of the devices.
> 
> If I disable the option "check_cert_cn = %{User-Name}" in eap.conf I get a
> working configuration, but finally it should work also with that Option
> enabled.
>  The problem of the Windows Mobile devices is, that they always submit as
> username "DOMAIN\user". If you leave the DOMAINNAME blank still "\user" is
> used.
 
Hi,
in version 1.1.7 i used following configuration to cut off the "host/" in front of the username.

in users-file:
DEFAULT Prefix == "host/"

the new value will be written in the attribute "stripped-user-name". so i had to change the value in eap.conf to the following setting:

check_cert_cn = %{Stripped-User-Name}

Maybe that will work in your configuration...

Sebastian
-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger



More information about the Freeradius-Users mailing list