EAP-TLS Machine-Auth Windows: difference between LAN and WiFi

Alan DeKok aland at deployingradius.com
Thu Oct 11 14:16:03 CEST 2012

Alexandros Gougousoudis wrote:
> we're using FR 2.0 for our machine authentication for XP to Win7 with
> EAP-TLS. Everything is working so far, but I noticed a difference
> between authenticating via WLAN and LAN, which starts to be a problem
> for us now. If I make a auth via LAN the provided username ist
> <hostname>, if I do it via WLAN it is host/<hostname>. While we use
> "host/" as a realm for our Radsecproxy, I'd like to change the
> behauviour for the authentication via LAN and add a string to the
> <hostname>

  Don't.  You will break EAP.

> (i.e. "host/" or something else) to unify the login for WLAN
> an LAN.
> So how or where can I change that? A hint will be really welcome.

  Find a better solution.  Change your rules so that you're keying off
of the correct data, and doing that only when you want.

  Alan DeKok.

More information about the Freeradius-Users mailing list