EAP-TLS and LDAP authorization

[SENECAUX Ludovic]

Hi,

You have to configure LDAP module and call it from "check-eap-tls" virtual-server.
Don't forget to enable this virtual-server into you eap module file.

Rds,


-----Message d'origine-----
De : Freeradius-Users <freeradius-users-bounces+ludovic.senecaux=lenord.fr at lists.freeradius.org> De la part de Ted Tec
Envoyé : mardi 27 février 2024 14:08
À : freeradius-users at lists.freeradius.org
Objet : EAP-TLS and LDAP authorization

Soyez vigilant, ce courriel est émis depuis l'extérieur. N'ouvrez les fichiers ou cliquez sur les liens que si vous êtes sûr de l'adresse mail de l'expéditeur.


Hello,

is the following possible in some way in freeradius 3.2?

The freeradius is doing only eap-tls auth. If the eap-tls check was successful, I would like to carry out a second check against an LDAP attribute on the computer object.

I would like to build an LDAP filter based on the CN in the requesting certificate and have an attribute returned from the computer object in the LDAP directory. If the value is OK, the device is permitted.

Does anyone have some tips for me on how to get started and a few basic hints for implementation this, if this is possible without writing an own module  (maybe a similar example)?  I'm struggeling on how i can get the CN and pass it to the LDAP module.

best regards,
Ted
-
List info/subscribe/unsubscribe? See https://antiphishing.vadesecure.com/v4?f=ZEtPTklHeGR1a0VPT25scR0B11HWYdH0xnDI5FbOqr8jdLmhmAexjTLx8FARC75QfbPXNfZ8KhLLFSFbqFdceN7ekPOAEcJWbhz8aDB7Yd5hmRonqfEq2FpTyyGZwjX7&i=bHdDQW5tZDVCemI1ZVczSU4usglZMHHyte4uzk_L0KE&k=b8ix&r=eUE1UjdPZTk3ZVl6NjY3MB_UsCoeDZFcIR3xbFpjBmHSq0VsISFon-G1I7ZE8FfW&s=0d15cd4fa5d79026069e38843f38fb2eff94829a36d2861cd63861822d529e30&u=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html