Re: 802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs
PENZ Robert
ROBERT.PENZ at TIROL.GV.AT
Thu Mar 22 16:27:14 CET 2012
Hi!
Thx for the fast response!
But how do I execute the SQL authorize_reply_query query after I did an EAP authentication? I don't do that currently in post-auth. I just have the sql module activated in authorize.
Or would it be a better idea anyway to have more than one issuer, and I return the VLAN data based on that? E.g. one issuer for the PC net and one for the printer net? Can I use the issuer in a SQL query? As I've different switch types which need different responses. I use a SQL lookup with the NAS IP with a switch type table to get the correct response.
Kind regards
Robert Penz
-----Original Message-----
From: freeradius-users-bounces+robert.penz=tirol.gv.at at lists.freeradius.org [mailto:freeradius-users-bounces+robert.penz=tirol.gv.at at lists.freeradius.org] On Behalf Of Matthew Newton
Sent: Thursday, 22 March 2012 15:48
To: FreeRadius users mailing list
Subject: Re: 802.1x/EAP-TLS and MAC authentication via SQL with dynamic VLANs
Hi,
On Thu, Mar 22, 2012 at 03:24:41PM +0100, PENZ Robert wrote:
> And how can I use the CN of the certificate in the SQL query? I
> believe I need one query for MAC and one for EAP-TLS, as for one
> I search for the MAC address and in the other the CN ...
> correct?
Common Name of the cert is in TLS-Client-Cert-Common-Name, but only
available in post-auth. However, that should be OK to update the
reply to set a VLAN.
> I'm using freeradius2-2.1.7-7.el5 on rhel5 with following config
You'll need to upgrade to 2.1.12. This is too old and doesn't have
the above attribute.
> The last question is more general. How do I get the mac address
> for a client that is authenticating with EAP-TLS, would like to
> add this to the sqllog? Thx for your help!
Calling-Station-Id, as usual.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
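The post-auth approach described in the reply above, sketched as an added configuration example that is not part of the original thread or of the FreeRADIUS distribution. It assumes FreeRADIUS 2.1.12 or later with the sql module loaded; the table `device_vlan` and its columns `identity` and `vlan` are hypothetical.

```unlang
# Added example: fragment for the post-auth section of the virtual server.
# Table "device_vlan" (columns "identity", "vlan") is a hypothetical name.
post-auth {
    if (TLS-Client-Cert-Common-Name) {
        # EAP-TLS: the certificate CN is only available here, after the
        # TLS handshake has completed, so the VLAN is looked up by CN.
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "%{sql:SELECT vlan FROM device_vlan WHERE identity = '%{TLS-Client-Cert-Common-Name}'}"
        }
    }
    else {
        # MAC authentication: no client certificate, so the lookup key is
        # the client MAC as sent by the switch in Calling-Station-Id.
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "%{sql:SELECT vlan FROM device_vlan WHERE identity = '%{Calling-Station-Id}'}"
        }
    }
}
```

A lookup that matches no row expands to an empty string, so every device that is allowed to authenticate needs a row in the table, with the MAC stored in the same format the switch sends.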