Riccardo Veraldi wrote:
First I need to extract the CN field (which can be done and I already
did
You can't *extract* the CN field. You can *compare* the CN field to
another value, as shown in the eap.conf file.
and I can set up
a list of allowed CN in the users file), and after I need to
Riccardo Veraldi wrote:
Hello,
is it possible in some way to use EAP-TLS X509 authentication together
with LDAP authorization in freeradius2?
Yes. You can look the username up in LDAP, and reject the request if
the user doesn't exist.
Actually freeradius2 allows EAP-TLS authentication,
RV but if I wanted to extract the emailAddress or CN field from the
RV X509 certificate and authorize it against my LDAP tree
AdK The limitation isn't the users file.
AdK It's that extracting the fields from the certificate is hard.
I don't understand. rlm_eap's check_cert_cn must be able to
Edgar Fuß wrote:
I don't understand. rlm_eap's check_cert_cn must be able to extract the CN
from the user certificate in order to check it against User-Name (or
whatever).
Yes...
Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name
for an extracted CN for
For starting it should be enough but what I am not able to do is to set
up the correct sequence.
First I need to extract the CN field (which can be done and I already
did and I can set up
a list of allowed CN in the users file), and after I need to do an LDAP
query to check for authorization.
Hello,
is it possible in some way to use EAP-TLS X509 authentication together
with LDAP authorization in freeradius2?
Actually freeradius2 allows EAP-TLS authentication, but if I wanted to
extract the emailAddress or CN field
from the X509 certificate and authorize it against my LDAP tree