EAP checking certificate CN for WiMAX
Alan DeKok
aland at deployingradius.com
Wed Apr 7 13:48:50 CEST 2010
Victor Tangendjaja wrote:
> In WiMAX certificate CN apparently contains MAC address and model name
> of the device for example "FF1234567890 USB1234".
> WiMAX standard says and I quote "The MAC" (from the CN) "SHALL be
> compared with the MAC
> address in the Calling-Station-Id of the RADIUS Access Request message.
> If they do not match the authentication
> SHALL be rejected."
It's hard to do this right now with FreeRADIUS.
> I tried to use "check_cert_cn" inside eap.conf this way
That won't work.
> is this the correct way or there's a better way?
You'll need to modify the source code to get this to work.
Alan DeKok.
More information about the Freeradius-Users
mailing list