CUI in TLS
Alan DeKok
aland at deployingradius.com
Fri Oct 28 17:02:47 CEST 2011
Panagiotis Georgopoulos wrote:
> I am trying to implement CUI in EAP-TLS and I would like
> to get a handle on the CN of the client’s certificate in my default.
> Basically I need to use the CN of the certificate, since there is no
> User-Name attribute in EAP-TLS.
Read raddb/sites-available/default. Look for TLS.
> What module handles the TLS certificates’ authentication? How can I get
> the CN in my post_auth
See above.
> and accounting stanzas in my default?
It's impossible.
> On a similar note, why do we set the
> lastaccounting='0000-00-00 00:00:00',in the post_authquery in the cui.conf?
Because there was no accounting packet.
> Incidentally, if we need full IPv6 support the
> clientipaddress field in the cui table and the equivalent fields in
> radacct should be of length 39 and not 15.
Sure. Send a patch.
Alan DeKok.
More information about the Freeradius-Users
mailing list