Proxy EAP-TLS
Davide Belloni
davide.belloni at gmail.com
Wed Nov 2 22:38:28 CET 2016
Hi,
for an SSID wireless network I'm trying, without success, to proxy EAP-TLS
auth (based on the certificate's CN) to specific Windows RADIUS that are
members of two domains on AD.
For example, what I want to obtain is this:
- EAP-TLS of client A, member of domain X, is proxied by Freeradius to
RADIUS/AD of that domain
- EAP-TLS of client B, member of domain Y, is proxied by Freeradius to
RADIUS/AD of that domain
- EAP-TLS of client C, member of any domain, is managed by file user
I've obtained a similar setup for EAP-TTLS using this configuration in the
inner-tunnel authorize section:
if ("%{Called-Station-Id}" =~ /:SSID_S$/ ) {
    if ("%{User-Name}" =~ /@domainx.com$/ || "%{User-Name}" =~ /\.domainx.com$/ || "%{User-Name}" =~ /^DOMAINX\\\\/ ) {
        update control {
            Proxy-To-Realm := 'AD_DOMAINX'
        }
    }
}
Is it possible to obtain this setup with EAP-TLS? How?
Thanks
--
Davide Belloni
http://about.me/davidebelloni
http://www.linkedin.com/in/davidebelloni