I've searched for this sort of posting, but found issues unrelated that responded to my search string, so I decided to post it here.
OK, currently I have Radius authenticating LDAP users via PAP. Works great.

Imagine I want to store x509 certificate data (specifically a client certificate) in an attribute in LDAP (perhaps as a binary attribute, etc). I would like FreeRADIUS, should it be passed a client certificate INSTEAD of a user/pass, to take the DN of the cert and match it to some attribute which contains said DN and cert-data.

The ultimate goal of all of this is to allow the continued use of LDAP and store the certificates (to be compared against) in the tree and not on some filesystem basis. Note that I want FreeRADIUS to continue supporting PAP user/pass auth, but only as a secondary fall-back (e.g., customer doesn't have client cert installed on machine, but has a user and password).

Is this possible? Does this make sense to you? Let me know if I need to re-explain anything.

Thank you,
subcon

