Sallee, Stephen (Jake) wrote: >> The various EAP methods *should* have tied usernames (i.e. domains) > to a field in the certificate. e.g. a cert with CN "[email protected]" >> should be sent logins for "[email protected]", but NEVER sent logins > for "[email protected]" > > How does this workout with child domains? For example: I have two > domains 1) umhb.edu and 2) Cru.umhb.edu. "Cru" is a child of > "umhb.edu", if I get a single cert for FreeRADIUS.umhb.edu will it be ok > for authenticating users on both umhb.edu AND Cru.umhb.edu?
I said it SHOULD have been that way. It doesn't work that way now. There is NO tying of certificate CNs to user names. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
