freeradius2 with EAP-TLS and LDAP authorization
Riccardo Veraldi
Riccardo.Veraldi at cnaf.infn.it
Sat Jul 3 21:25:32 CEST 2010
For starting it should be enough but what I am not able to do is to set
up the correct sequence.
First I need to extract the CN field (which can be done and I already
did and I can set up
a list of allowed CN in the users file), and after I need to do an LDAP
query to check for authorization.
How can I do the following in this exact order?
LDAP authorization is tried first, then comes authentication, or am I wrong?
What I'd need is to extract the CN and check it against LDAP attributes...
How might I do it?
Thank you
Riccardo
Alan DeKok wrote:
> Edgar Fuß wrote:
>
>> I don't understand. rlm_eap's check_cert_cn must be able to extract the CN from the user certificate in order to check it against User-Name (or whatever).
>>
>
> Yes...
>
>
>> Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name for an extracted CN for whatever additional lookup you need.
>>
>
> Yes.
>
>
>> Or am I getting it wrong?
>>
>
> No. But there's no code to extract other fields from the cert.
>
> Alan DeKok.