Frank,

It is not really a configuration issue, but more an Identity Management issue.
It is not common to have a CA per user, but a CA per domain. And per domain you have users. So: User X from domain A has CA 1. User Y from domain B has CA 2. If this is what you are trying to achieve you can simply set up a configuration per domain/realm of these users.

Regards,
Tom

> -----Original message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On behalf of Frank Sweetser
> Sent: Friday, 6 June 2008 20:07
> To: [email protected]
> Subject: EAP-TLS with different CA per user?
>
> I have a configuration which I need, but haven't been able to figure out how
> to make freeradius do it.
>
> I have two users, A and B, both authenticating over wireless using EAP-TLS.
> User A has a certificate which has been signed by CA X, and B has one signed
> by CA Y.
>
> What I need is to tell freeradius that certificates presented by user A should
> only be checked against CA X, and similarly B only by Y. Putting both X and Y
> in the same CA list won't work in this case due to what appears to be a
> limitation in OpenSSL.
>
> I've been over all the existing docs I can find, and I haven't been able to
> find any way to do this. Anyone have any suggestion what I might try?
>
> --
> Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
> WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
> GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
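
The per-realm trust decision discussed in this thread, as an added example that is not part of either message and is not FreeRADIUS configuration: each realm maps to exactly one CA file, and a certificate is accepted only if it chains to the CA of the realm in the presented identity. The realm names, CNs, file names and helper functions are assumptions made up for the demonstration; only standard `openssl` subcommands are used.

```shell
# Constructed example: realms, CNs and file names are made up for illustration.
WORK=$(mktemp -d)

# make_ca NAME: self-signed CA certificate NAME.pem with key NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_user CA USER: certificate USER.pem signed by CA
make_user() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# ca_for_realm IDENTITY: map the realm part of user@realm to a single CA file.
# Unknown realms get no trust anchor at all.
ca_for_realm() {
    case "${1#*@}" in
        domain-a.example) echo "$WORK/ca-x.pem" ;;
        domain-b.example) echo "$WORK/ca-y.pem" ;;
        *) return 1 ;;
    esac
}

# check_user IDENTITY CERT: accept only if CERT chains to the realm's own CA,
# never to a merged list of every CA.
check_user() {
    ca=$(ca_for_realm "$1") || return 1
    openssl verify -CAfile "$ca" "$2" >/dev/null 2>&1
}

make_ca ca-x; make_ca ca-y
make_user ca-x userA; make_user ca-y userB

# userA's certificate is valid for realm A and must be rejected under realm B.
for id in userA@domain-a.example userA@domain-b.example userB@domain-b.example; do
    if check_user "$id" "$WORK/${id%%@*}.pem"; then
        echo "$id: accept"
    else
        echo "$id: reject"
    fi
done
```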

