EAP-TLS Machine-Auth Windows: difference between LAN and WiFi
Alexandros Gougousoudis
gougousoudis-list at servicecenter-khs.de
Thu Oct 11 15:08:47 CEST 2012
Hi Alan,
thanks for your reply!
Alan DeKok schrieb:
>> "host/" as a realm for our Radsecproxy, I'd like to change the
>> behauviour for the authentication via LAN and add a string to the
>> <hostname>
>>
>
> Don't. You will break EAP.
>
>
That's not clear. Why would that break EAP if the workstations are
sending a different Login? It already does, depending on LAN or WLAN
Logins. I don't mean some kind of rewrite or redirect inside of
Freeradius. Using Linux I can send whatever I want as the loginname.
> Find a better solution. Change your rules so that you're keying off
> of the correct data, and doing that only when you want.
>
I have now a more or less complicated regex rule in the radsecproxy, but
I thought it's more elegant to unify both logins. I thought doing it in
the profile-xml-file of the LAN connection in Win, but unfortunately
it's not the right place for it. At least all official ressources I can
find from MS, are not pointing out how to do that.
bye
Alex
More information about the Freeradius-Users
mailing list