Rejecting EAP-TLS based on cert Subject field

Alan DeKok aland at
Fri Jan 28 09:38:08 CET 2011

Matt Garretson wrote:
> Thanks.  That's actually my goal.  But unlang isn't allowed in
> authenticate{},

  Yes, it is.  You just need to put it into a subsection.  See the
comments around "eap" in the authenticate section for 2.1.10.

> and my attempts to sneak it into the authentication
> phase via the tls{} section in eap.conf didn't seem to work.

  Hmm... the "tls" section is a configuration section, and has nothing
to do with the modules listed in the "authenticate" section.

  Alan DeKok.

More information about the Freeradius-Users mailing list