EAP-TLS and LDAP authorization

Ted Tec tec_ted88 at outlook.com
Tue Feb 27 13:07:40 UTC 2024


Is the following possible in some way in FreeRADIUS 3.2?

FreeRADIUS is doing only EAP-TLS auth. If the EAP-TLS check was successful, I would like to carry out a second check against an LDAP attribute on the computer object.

I would like to build an LDAP filter based on the CN in the requesting certificate and have an attribute returned from the computer object in the LDAP directory. If the value is OK, the device is permitted.

Does anyone have some tips for me on how to get started and a few basic hints for implementing this, if this is possible without writing my own module (maybe a similar example)? I'm struggling with how I can get the CN and pass it to the LDAP module.

best regards,
