EAP checking certificate CN for WiMAX

Victor Tangendjaja victor.tangendjaja at unwiredaustralia.com.au
Thu Apr 1 05:21:16 CEST 2010


In WiMAX certificate CN apparently contains MAC address and model name 
of the device for example "FF1234567890 USB1234".
WiMAX standard says and I quote "The MAC" (from the CN) "SHALL be 
compared with the MAC
address in the Calling-Station-Id of the RADIUS Access Request message. 
If they do not match the authentication
SHALL be rejected."

I tried to use "check_cert_cn" inside eap.conf this way

check_cert_cn = %{Calling-Station-Id}
obviously doesn't work because the CN also contains Model name

check_cert_cn =~ /^%{Calling-Station-Id} .*/i
doesn't work as well because of syntax error

is this the correct way or there's a better way?

Thanks for your help.


More information about the Freeradius-Users mailing list