MAC address restriction with EAP-TLS

tnt at tnt at
Tue Jan 27 23:43:46 CET 2009

>> >
>> >So how would I do the same thing for a certificate instead of a username?
>> Ther will be a username in EAP-TLS request too.
>From everything that I have been able to read, the user name in a EAP-TLS
>request should come from the CN value of the certificate.  Does this
>sound correct?

I haven't read the eap RFC. I just send the request and see what comes
up. Then I adjust realms and whatever for authentication to work. Takes
a couple of minutes. I am not planning to make the server - I just want
to use it.

Send the request and see how does the User-Name look like. Is it CN,
CN at realm, domain\CN ...

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list