Hi Alan....

> 3. Is it possible using EAP/TLS to restrict how many times a station with a
> particular certificate connects to the wireless net.....i.e. if someone
> takes their certificate and installs it on 10 wireless machines, can I
> configure freeradius (and/or my access point) so that only one active
> wireless connection is allowed for that certificate?


You can set Simultaneous-Use on the server, which will do this.

I am trying to use this now. However, when I have RADIUS accounting enabled, 2 different machines are showing up as different usernames... even though I have installed the same X.509 certificate on both. RADIUS doesn't seem to extract any information from the certificate during the authentication phase (e.g. who/what the certificate is assigned to).


Is it possible to use Simultaneous-Use in an EAP/TLS setup to ensure that even if multiple machines have the same certificate, only one of them will be able to log on?

I.e. can RADIUS detect, based on the certificate itself, whether someone has already tried to connect using the same certificate?

If so, is there a field I can set in radiusd.conf via 'username = ...' to make this work?

Thanx in advance.

Chris.
