Rejecting EAP-TLS based on cert Subject field

Matt Garretson mattg at
Thu Jan 27 19:24:39 CET 2011

On 1/27/2011 1:14 PM, Alan Buxey wrote:
> you are authenticating...and then rejecting in the post-auth
> stage.   you really need to break the process in the authentication
> stage.

Thanks.  That's actually my goal.  But unlang isn't allowed in
authenticate{}, and my attempts to sneak it into the authentication
phase via the tls{} section in eap.conf didn't seem to work.

Any other ways to do it?

I'd thought of using rlm_perl, but couldn't see that the cert fields are
passed to the module.


More information about the Freeradius-Users mailing list