freeradius + jradius

Jim Shi hanmao_shi at
Wed Sep 30 18:21:07 CEST 2015

Hi, Alan,
 Thanks for the reply. 
I assume you mean to  add this sites-available/default:

   update reply {

         Reply-Message += "%{TLS-Client-Cert-Common-Name}"

In the jradius, which radius packet attribute will contain the CN value?


> On Sep 30, 2015, at 6:17 AM, Alan DeKok <aland at> wrote:
> On Sep 29, 2015, at 7:50 PM, Jim Shi <hanmao_shi at> wrote:
>> Hi, I would like to  use freeradius radius for verify client certificate  (EAP - TLS) (authentication),  and use jradius (which is java code) for  authorization.
>> In jradius, I need access the CN of client certificate for authorization. Is that possible?
>  In v2, yes.  See raddb/sites-available/default.  Look for TLS-Client-Cert...
>> That is, I would like freeradius to put client certificate’s CN in the  radius packet before sending to jradius for authorization.
>  Just follow the example above and it will work.
>  Note that in v3, there is no jradius module.   It was unmaintained, and therefore removed.  I'd recommend using a REST API in v3 instead.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list