Riccardo Veraldi wrote:
> Hello,
> is it possible in some way to use EAP-TLS X509 authentication together
> with LDAP authorization in freeradius2 ?

Yes. You can look the username up in LDAP, and reject the request if the user doesn't exist.

> Actually freeradius2 allows EAP-TLS authentication, but if I wanted to
> extract the emailAddress or CN field
> from the X509 certificate and authorize it against my LDAP tree
> information to allow or disallow WiFi access,
> is it possible ??

Not really, no.

> Or the only way to authorize a EAP-TLS X509 user is only thru
> freeradius2 users file ?

The limitation isn't the users file. It's that extracting the fields from the certificate is hard. Patches are welcome.

Alan DeKok.
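
One way to wire up the lookup described in the reply, as an added example that is not configuration from the thread or from the FreeRADIUS project. It assumes an `ldap` module instance is already configured and that client certificates carry the username as their CN; the `check_cert_cn` setting is not mentioned in the thread and is included because the User-Name in an EAP-TLS request is chosen by the client and is not otherwise tied to the certificate.

```text
# Virtual server (e.g. sites-enabled/default), FreeRADIUS 2.x.
# Only the lines relevant to the LDAP check are shown; keep the rest
# of the existing authorize section as it is.
authorize {
    eap

    # Look the User-Name up in the directory.
    ldap

    # The ldap module returns "notfound" when no entry matches the
    # User-Name; reject the request in that case.
    if (notfound) {
        reject
    }
}

authenticate {
    eap
}

# eap.conf, inside the existing eap { tls { ... } } section.
tls {
    # Assumption: the certificate CN is the same string as the User-Name.
    # The server expands the value and compares it with the CN of the
    # client certificate, so a valid certificate cannot be presented
    # together with a different user's name from the directory.
    check_cert_cn = %{User-Name}
}
```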

