802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs
Matthew Newton
mcn4 at leicester.ac.uk
Thu Mar 22 15:47:59 CET 2012
Hi,
On Thu, Mar 22, 2012 at 03:24:41PM +0100, PENZ Robert wrote:
> And how can I use the CN of the certificate in the SQL query? I
> believe I need one query for MAC and one for EAP-TLS, as for one
> I search for the MAC address and in the other the CN ...
> correct?
Common Name of the cert is in TLS-Client-Cert-Common-Name, but only
available in post-auth. However, that should be OK to update the
reply to set a VLAN.
> I'm using freeradius2-2.1.7-7.el5 on rhel5 with the following config
You'll need to upgrade to 2.1.12. This is too old and doesn't have
the above attribute.
> The last question is more general. How do I get the MAC address
> for a client that is authenticating with EAP-TLS, would like to
> add this to the sqllog? Thx for your help!
Calling-Station-Id, as usual.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
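
The post-auth lookup discussed in this thread, as an added example that is not part of the original message or of the FreeRADIUS distribution. It assumes FreeRADIUS 2.1.12 or later, an sql module instance named "sql", and a hypothetical table vlan_map(ident, vlan) that holds both certificate CNs and MAC addresses.

```unlang
# Added example (not from the thread). vlan_map, ident and vlan are
# hypothetical names; Tmp-String-0 is used as scratch storage.
post-auth {
    if (TLS-Client-Cert-Common-Name) {
        # EAP-TLS: the certificate CN is only available here in post-auth.
        update control {
            Tmp-String-0 := "%{sql:SELECT vlan FROM vlan_map WHERE ident = '%{TLS-Client-Cert-Common-Name}'}"
        }
    }
    else {
        # MAC authentication: no client certificate, so key on the MAC.
        # Assumes ident stores the MAC in the format the NAS sends it.
        update control {
            Tmp-String-0 := "%{sql:SELECT vlan FROM vlan_map WHERE ident = '%{Calling-Station-Id}'}"
        }
    }

    # Send VLAN attributes only when the lookup returned a row, so an
    # unknown CN or MAC does not get an empty Tunnel-Private-Group-Id.
    if ("%{control:Tmp-String-0}" != "") {
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "%{control:Tmp-String-0}"
        }
    }
}
```

Attribute values expanded inside %{sql:...} are escaped by the sql module according to its safe-characters setting, so CNs containing characters outside that set will not match a plain-text ident column.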