EAP-TLS: restricting CA certificate use to a subset of identities

Alan DeKok aland at deployingradius.com
Mon Jun 28 13:33:27 CEST 2010

Edgar Fuß wrote:
> Whein using EAP-TLS, is there any sane way of restricting the use of a CA Certificate to a subset of the possible identities? I.e., is it possible to configure a single FreeRADIUS 2 server to accept users @foo.my.domain only if their Certificates are signed with CA-Cert.foo and users @bar.my.domain only if theirs are signed with CA-Cert.bar?

  Not really.  You can configure 2 EAP modules, and have requests for
different domains be handled by different modules.

  Alan DeKok.

More information about the Freeradius-Users mailing list