freeradius2 with EAP-TLS and LDAP authorization

Alan DeKok aland at
Sun Jul 4 09:00:36 CEST 2010

Riccardo Veraldi wrote:
> First I need to extract the CN field (which can be done and I Already
> did

  You can't *extract* the CN field.  You can *compare* the CN field to
another value, as shown in the eap.conf file.

> and I can set up
> a list of allowed CN in hte users file), and after I need to do an LDAP
> query to check for authorization.
> How can I do the following in this exact order ?

  You edit the config files so that the "ldap" module is run after the
"users" file.

> LDAP authorization is tryed first then comes authentication or am I wrong ?


> What I'd need is to extract the CN and check it against LDAP attributes...
> How might I do it ?

  You can't.  To do that, you will need to edit the source code to add
that feature.

  Alan DeKok.

More information about the Freeradius-Users mailing list