EAP checking certificate CN for WiMAX

Alan DeKok aland at deployingradius.com
Wed Apr 7 13:48:50 CEST 2010

Victor Tangendjaja wrote:
> In WiMAX certificate CN apparently contains MAC address and model name
> of the device for example "FF1234567890 USB1234".
> WiMAX standard says and I quote "The MAC" (from the CN) "SHALL be
> compared with the MAC
> address in the Calling-Station-Id of the RADIUS Access Request message.
> If they do not match the authentication
> SHALL be rejected."

  It's hard to do this right now with FreeRADIUS.

> I tried to use "check_cert_cn" inside eap.conf this way

  That won't work.

> is this the correct way or there's a better way?

  You'll need to modify the source code to get this to work.

  Alan DeKok.

More information about the Freeradius-Users mailing list