Alan DeKok wrote: > Arran Cudbard-Bell wrote: > >> Yeah, complex sql really can be quite slow, specially when the queries >> are being run multiple times for all the rounds required in eap >> authentication. > > If you're using the TLS variants of EAP, you can do:
Except if you're using plain EAP-TLS where there's no inner tunnel IIRC? I have wondered where it might be sensible to fake a PAP request with the certificate details for EAP-TLS. This would provide (I think) quite a good way for people to do certificate checking and logging etc. User-Name = "theCN" User-Password = "theCN" FreeRADIUS-Cert-Subject = "cn=theCN,o=Foo,c=GB" FreeRadius-Cert-Issuer = "ou=ICT,o=Foo,c=GB" FreeRADIUS-SubjectAltName = "email:[EMAIL PROTECTED]" FreeRADIUS-SubjectAltName = "email:[EMAIL PROTECTED]" ..etc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
