It "just works," but we need a little work on username parsing.
I appended the .pem certificate for the client certs (which is different from
the CA used to sign the RADIUS server cert) to ~pf/raddb/certs/ca.pem. Then I
installed the .p12 client cert package on a Windows 7 machine (since
configuring a Windows 8 machine to use EAP-TLS is unreasonably painful). Then I
restarted radiusd. Then it "just worked."
Problem:
I believe eduroam requires the client cert X509 cn to be the fully qualified
[email protected]. But the "person" table, and our roles logic, want the
bare username rgraves, which is ordinarily pulled from the stripped
MSCHAP-Username.
Louis and I will work this out and report back to the list if there's interest.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
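
One way to handle the mismatch described in the message above, as an added example (not part of the original post and not PacketFence code): derive the bare username from the certificate CN only when its realm is a local one, so that the same account name issued by another realm is never mapped to the local person record. The function name, the `example.edu` realm, the account-name pattern and the lowercase-storage convention are assumptions.

```python
import re

# Constructed placeholder: the realm(s) whose users live in the local person table.
LOCAL_REALMS = {"example.edu"}

# Assumed account-name policy: starts alphanumeric, then letters, digits, '.', '_' or '-'.
_USER_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def local_username(cert_cn, local_realms=LOCAL_REALMS):
    """Map a certificate CN of the form user@realm to a bare local username.

    Returns None when the CN must not be used for a local lookup:
    no realm, more than one '@', a foreign realm, or an unexpected
    character in the user part.
    """
    if not isinstance(cert_cn, str):
        return None
    user, sep, realm = cert_cn.partition("@")
    if not sep or "@" in realm:
        # Bare CN, or a second '@' that makes the realm ambiguous.
        return None
    if realm.lower() not in local_realms:
        # Same account name from another realm is a different person.
        return None
    if not _USER_RE.fullmatch(user):
        # Rejects whitespace, NUL bytes, slashes, backslashes, etc.
        return None
    # Assumption: local account names are stored in lowercase.
    return user.lower()


if __name__ == "__main__":
    # Constructed sample CNs, not taken from any real certificate.
    samples = [
        "rgraves@example.edu",
        "RGraves@EXAMPLE.EDU",
        "rgraves@other.example.org",
        "rgraves",
        "rgraves@other.example.org@example.edu",
        "rgraves\x00@example.edu",
    ]
    for cn in samples:
        print(repr(cn), "->", local_username(cn))
```

A `None` result means the request should not inherit a role from the local person table on the basis of the CN alone.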