freeradius2 with EAP-TLS and LDAP authorization

Edgar Fuß ef at
Sat Jul 3 17:07:24 CEST 2010

RV> but if I wanted to extract the emailAddress or CN field from the
RV> X509 certificate and authorize it against my LDAP tree

AdK> The limitation isn't the users file.
AdK> It's that extracting the fields from the certificate is hard.

I don't understand. rlm_eap's check_cert_cn must be able to extract the CN from the user certificate in order to check it against User-Name (or whatever).
Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name for an extracted CN for whatever additional lookup you need.
Or am I getting it wrong?

More information about the Freeradius-Users mailing list