Edgar Fuß wrote: > Whein using EAP-TLS, is there any sane way of restricting the use of a CA > Certificate to a subset of the possible identities? I.e., is it possible to > configure a single FreeRADIUS 2 server to accept users @foo.my.domain only if > their Certificates are signed with CA-Cert.foo and users @bar.my.domain only > if theirs are signed with CA-Cert.bar?
Not really. You can configure 2 EAP modules, and have requests for different domains be handled by different modules. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
