freeradius2 with EAP-TLS and LDAP authorization

Alan DeKok aland at
Sat Jul 3 17:13:26 CEST 2010

Edgar Fuß wrote:
> I don't understand. rlm_eap's check_cert_cn must be able to extract the CN from the user certificate in order to check it against User-Name (or whatever).


> Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name for an extracted CN for whatever additional lookup you need.


> Or am I getting it wrong?

  No.  But there's no code to extract other fields from the cert.

  Alan DeKok.

More information about the Freeradius-Users mailing list