PEAP/MSCHAPv2 - Host Account Authentication Only
Matthew Newton
mcn4 at leicester.ac.uk
Thu Apr 26 01:52:43 CEST 2012
Hi
On Wed, Apr 25, 2012 at 11:58:06PM +0100, alan buxey wrote:
> Matthew, I would say the check is a little sparse....and assumes
Yeah, good idea checking the RHS of the username - hadn't thought
of that (scuttles off to implement it :) )
> oh. actually, yes, you should ignore that i said add it to authorize..
> what you SHOULD do is add the check to policy.conf and then call that
> policy name in authorize. ah, thats better, can sleep now! ;-)
:)
I'm doing PEAP/EAP-TLS (PEAP for the SoH), and I run with my
check-eap-tls patch, so I can easily check username and cert
subject match, too. Gives more ways of verifying things look ok.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list