freeradius2 with EAP-TLS and LDAP authorization ?
Alan DeKok
aland at deployingradius.com
Sat Jul 3 10:34:09 CEST 2010
Riccardo Veraldi wrote:
> Hello,
> is it possible in some way to use EAP-TLS X509 authentication together
> with LDAP authorization in freeradius2?
Yes. You can look the username up in LDAP, and reject the request if
the user doesn't exist.
> Actually freeradius2 allows EAP-TLS authentication, but if I wanted to
> extract the emailAddress or CN field
> from the X509 certificate and authorize it against my LDAP tree
> information to allow or disallow WiFi access,
> is it possible?
Not really, no.
> Or is the only way to authorize an EAP-TLS X509 user through the
> freeradius2 users file?
The limitation isn't the users file. It's that extracting the fields
from the certificate is hard.
Patches are welcome.
Alan DeKok.
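The lookup asked about in this thread, sketched outside FreeRADIUS as an added example (not code from the thread or from the FreeRADIUS project): it parses a certificate subject and builds an LDAP filter from its CN or emailAddress. It assumes the subject is already available as an RFC 4514 style string and that the directory stores addresses in `mail`; all function names and sample subjects are made up for illustration.

```python
import string

# RFC 4515: characters that must be escaped inside an LDAP filter value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def parse_subject(dn):
    """Parse 'CN=...,emailAddress=...' into a dict keyed by lower-case type.

    Backslash escapes are honoured, so an escaped comma stays in its value.
    Multi-valued RDNs ('+') and multi-byte hex escapes are not handled.
    """
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                cur.append(chr(int(pair, 16)))  # hex pair such as \2C
                i += 3
            else:
                cur.append(dn[i + 1])           # escaped special such as \,
                i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    attrs = {}
    for rdn in rdns:
        name, sep, value = rdn.partition("=")
        if sep:
            attrs.setdefault(name.strip().lower(), value.strip())  # first wins
    return attrs

def ldap_filter_for(subject, cert_attr="emailAddress", ldap_attr="mail"):
    """Return the filter for the LDAP lookup, or None if the field is absent."""
    value = parse_subject(subject).get(cert_attr.lower())
    if not value:
        return None  # nothing to authorize against: the caller should reject
    return "(%s=%s)" % (ldap_attr, escape_filter_value(value))

if __name__ == "__main__":
    # Constructed sample subjects.
    print(ldap_filter_for("CN=Example User,emailAddress=user@example.org"))
    print(ldap_filter_for("CN=Smith\\, J. (lab),O=Example", "CN", "cn"))
```

Escaping matters because subject fields are chosen by whoever requested the certificate, so they should never reach a filter verbatim.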