[EAP/TLS] Authentication through a certificate
vazoumana fofana
zoumlander at hotmail.com
Fri Feb 8 16:24:53 CET 2013
I have begun setting up the configuration, but I got two problems:
Clients with a good certificate can be authenticated even if they're not in the "users" file.
I assume it's due to my code. Here it is, under the authenticate section of default:
Auth-Type eap {
    eap
    if ( "%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxx\// ) {
        if ( "%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxx\// ) {
            ok
        }
        else {
            fail
        }
    }
}
It's like when the condition is checked, it bypasses the "users" file.
Maybe I must move these lines under authorize?
Can anyone confirm it?
Cheers
> Date: Mon, 4 Feb 2013 10:32:22 -0500
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: [EAP/TLS] Authentication through a certificate
>
> vazoumana fofana wrote:
> > I've got a question about EAP/TLS and authentication for a client
> > through a certificate.
> > I succeeded in setting it up. But I notice that freeradius matches the client
> > login with the certificate CNAME.
> > Is it possible to change it in order to match email instead of CNAME?
>
> Yes.
>
> Read the eap.conf file, and the raddb/sites-available/default. This
> is documented.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html