802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs

Matthew Newton mcn4 at leicester.ac.uk
Thu Mar 22 15:47:59 CET 2012


Hi,

On Thu, Mar 22, 2012 at 03:24:41PM +0100, PENZ Robert wrote:
> And how can I use the CN of the certificate in the SQL query? I
> believe I need one query for MAC and one for EAP-TLS, as for one
> I search for the MAC address and in the other the CN ...
> correct?

Common Name of the cert is in TLS-Client-Cert-Common-Name, but only
available in post-auth. However, that should be OK to update the
reply to set a VLAN.

> I'm using freeradius2-2.1.7-7.el5 on rhel5 with following config

You'll need to upgrade to 2.1.12. This is too old and doesn't have
the above attribute.

> The last question is more general. How do I get the mac address
> for a client that is authenticating with EAP-TLS, would like to
> add this to the sqllog? Thx for your help!

Calling-Station-Id, as usual.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
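
An added example, not part of the message above and not taken from the FreeRADIUS distribution: a post-auth stanza in 2.1.12 syntax that looks up the VLAN by certificate CN for EAP-TLS and by Calling-Station-Id for MAC authentication. The tables cert_vlan(cn, vlan) and mac_vlan(mac, vlan) are hypothetical, and the sql module instance is assumed to be named "sql" and loaded.

```unlang
# raddb/sites-available/default (added example; table names are hypothetical)
post-auth {
	# EAP-TLS: TLS-Client-Cert-Common-Name only exists in post-auth.
	# Values expanded inside %{sql:...} pass through the sql module's
	# escaping before they reach the query.
	if (TLS-Client-Cert-Common-Name) {
		update control {
			Tmp-String-0 := "%{sql:SELECT vlan FROM cert_vlan WHERE cn = '%{TLS-Client-Cert-Common-Name}'}"
		}
	}
	else {
		# MAC authentication: no client certificate, so key on the MAC.
		# The stored format must match what the NAS sends in
		# Calling-Station-Id (separator and case differ between vendors).
		update control {
			Tmp-String-0 := "%{sql:SELECT vlan FROM mac_vlan WHERE mac = '%{Calling-Station-Id}'}"
		}
	}

	# No matching row: reject instead of letting the port fall back to
	# whatever VLAN the switch assigns by default.
	if ("%{control:Tmp-String-0}" == "") {
		reject
	}
	else {
		update reply {
			Tunnel-Type := VLAN
			Tunnel-Medium-Type := IEEE-802
			Tunnel-Private-Group-Id := "%{control:Tmp-String-0}"
		}
	}
}
```

Run the server with radiusd -X after adding it and confirm in the debug output that the expected query is issued and the three Tunnel attributes appear in the Access-Accept.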

