LDAP authorize for both EAP-TLS and EAP-PEAP

David Hartburn D.J.Hartburn at kent.ac.uk
Mon Jan 25 17:56:26 CET 2016


Sorry, this is the first chance I have had to come back to this.

No, we are not using that as the virtual server. I think ours was based 
on the default and is doing EAP-TLS too.

Currently if the request comes from our wireless LAN controllers it puts 
it into our local eduroam virtual server, to which I added EAP-TLS.

I'm struggling to find any documentation or examples on using the 
check_eap_tls module. It is a case of putting something in our local 
eduroam virtual server to punt TLS attempts off to this server? Where 
would you put that without breaking the EAP-PEAP authentication?

David


On 18/12/15 11:41, Matthew Newton wrote:
> On Fri, Dec 18, 2015 at 11:12:52AM +0000, David Hartburn wrote:
>> We are using LDAP to check for group membership, so we need the lookup to do
>> that authorization.
>
> Are you using the check_eap_tls virtual server? It's designed to
> do just that for EAP-TLS.
>
> It gets called once at certificate verification time.
>
> Matthew
>
>


More information about the Freeradius-Users mailing list