EAP checking certificate CN for WiMAX
Victor Tangendjaja
victor.tangendjaja at unwiredaustralia.com.au
Thu Apr 1 05:21:16 CEST 2010
Hi,
In WiMAX certificate CN apparently contains MAC address and model name
of the device for example "FF1234567890 USB1234".
WiMAX standard says and I quote "The MAC" (from the CN) "SHALL be
compared with the MAC
address in the Calling-Station-Id of the RADIUS Access Request message.
If they do not match the authentication
SHALL be rejected."
I tried to use "check_cert_cn" inside eap.conf this way
check_cert_cn = %{Calling-Station-Id}
obviously doesn't work because the CN also contains Model name
check_cert_cn =~ /^%{Calling-Station-Id} .*/i
doesn't work as well because of syntax error
is this the correct way or there's a better way?
Thanks for your help.
Victor
More information about the Freeradius-Users
mailing list