Freeradius EAP-TLS and LDAP

Lennart Johansson Lennart.Johansson at b-iq.se
Thu Aug 29 15:08:18 UTC 2024


Hello,

This is my first question here, so bear with me.
The solution is perhaps simple, but I can't seem to figure it out.
I want to set up VPN authentication for users using Freeradius as the Radius
backend for the VPN server.
User certificates are created using an eDirectory server that is also the CA
and the LDAP server.
What do I have to do to configure Freeradius' role in this? If I search
for solutions online, most are related to AD and MS NPS.
My understanding is that EAP-TLS requires that the VPN server passes the
certificate request to Freeradius, and Freeradius verifies the
certificate and replies with an accept or deny.
But what is needed for Freeradius to verify the certificate? Is it only
the CA certificate, to verify that the certificate is issued by that
CA, or is it possible for Freeradius to pick the subject or a SAN like the
email address and do a lookup in LDAP to get a specific group or attribute
back, and based on that respond with accept or deny?
Or how do you do it?

/Lennart

Kind regards
Lennart Johansson
Phone: +4610 5516810
Mobile: +4670 2334116
B-IQ
Business in Quaternion AB
Kivra: 556949-6648
106 31 Stockholm
Sweden
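
The flow asked about above (verify the chain against the CA, then map the certificate's e-mail SAN to an LDAP entry and decide on group membership) can be sketched in FreeRADIUS 3.x configuration as follows; this is an added example, not part of the original post and not a reply from the list. Assumptions: the file paths, the base DN `o=example`, the `mail` attribute and the group `cn=vpn-users,ou=groups,o=example` are placeholders, and only the settings relevant to this flow are shown.

```unlang
# --- mods-enabled/eap (excerpt; server certificate and key settings omitted) ---
eap {
	tls-config tls-common {
		# CA certificate exported from the issuing CA (placeholder path).
		# A client certificate that does not chain to this CA fails the
		# TLS handshake before any policy below is evaluated.
		ca_file = ${cadir}/edirectory-ca.pem
	}
	tls {
		tls = tls-common
		# After the chain has verified, run this virtual server so that
		# policy can inspect the TLS-Client-Cert-* attributes.
		virtual_server = check-eap-tls
	}
}

# --- mods-enabled/ldap (excerpt; server, bind and group settings omitted) ---
ldap {
	user {
		base_dn = "o=example"    # placeholder
		# Locate the user by the e-mail address in the certificate's SAN
		# instead of by User-Name (assumes users carry a "mail" attribute).
		filter = "(mail=%{TLS-Client-Cert-Subject-Alt-Name-Email})"
	}
}

# --- sites-enabled/check-eap-tls ---
server check-eap-tls {
	authorize {
		# Accept only if the certificate carries an e-mail SAN and the
		# matching directory entry is a member of the VPN group.
		if (&TLS-Client-Cert-Subject-Alt-Name-Email && \
		    (&LDAP-Group == "cn=vpn-users,ou=groups,o=example")) {
			update config {
				&Auth-Type := Accept
			}
		}
		else {
			update config {
				&Auth-Type := Reject
			}
			update reply {
				&Reply-Message := "Certificate is valid but not authorized for VPN"
			}
		}
	}
}
```

With this layout a certificate that chains to the CA but belongs to a user outside the group is rejected, so issuing a certificate and granting VPN access remain separate decisions.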



