Hi,
I try to use the "check_cert_cn = %{User-Name}" option in the tls
section of eap.conf. It's not working and still the user's certificate
is ok, freeradius accept him whatever he typed in the User-Name field
who is responded after an eap-request-ID message. Is there here someone
who is using this option with more luck? My goal is to give differents
privilege to users in function of their CN (now it is CN, but DN or mail
adress are possible alternative?), for this freeradius must match a user
name in the users file and to make impossible for a trusted user (who
own a good certificate for the network) to use privilege of another
user, I must use this option. Tell me if i'm wrong on this.
I have searched but only found an old patch (didn't try it) from Michael
Griego on Nov2003 and an unanswered message from Anthony Lopez on May
2004. Any clue?
thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- Re: CN check against User Name - EAP-TLS pouet
- Re: CN check against User Name - EAP-TLS Michael Griego
