On Fri, 23 Jul 2004, Andreas Rieck wrote:

> Hi, I'm running freeradius-0.9.3 and openssl-0.9.7d-15.
>
> I use EAP/TLS and it works fine. With this configuration, everybody with a valid
> certificate can connect. Now it is necessary that only people from the OU
> "ou=People, OU=wlan, o=myCompny, c=com" are able to connect to the
> Access-Point. The Radius-Server should check this by using the CN from the
> client-certificate. If such a CN is present in the OU, the connection via EAP/TLS
> can be established; if not, the connection should be rejected.
> Is this generally possible, in which way do I have to change the configuration?

I don't think it can work the way you want it. You can do the following though:

1. In rlm_ldap set basedn to 'ou=People, OU=wlan, o=myCompny, c=com' so that any
   other user will get rejected
2. In eap tls (this is possible in recent server versions) set check_cert_cn
   accordingly.

> Thanks
>
> Andreas Rieck
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
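
Added example, not part of the original thread and not FreeRADIUS code: a small Python model of the two checks suggested in the reply, showing why the base DN has to be compared RDN by RDN rather than as a string suffix. It assumes check_cert_cn is set so that the certificate CN must equal the User-Name and that the LDAP lookup is a uid search below the base DN; the function names and the sample directory are constructed for illustration.

```python
import re

BASE_DN = "ou=People, OU=wlan, o=myCompny, c=com"  # base DN from the question

def parse_dn(dn):
    """Split a DN into normalized (type, value) RDN pairs, honoring '\\,' escapes."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        if not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Simplification: attribute types and values compared case-insensitively.
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns

def is_under(dn, base_dn):
    """True if dn is strictly below base_dn, compared RDN by RDN (not as strings)."""
    entry, base = parse_dn(dn), parse_dn(base_dn)
    return len(entry) > len(base) and entry[-len(base):] == base

def cert_cn(subject):
    """Return the CN value of a certificate subject, keeping its original case."""
    for part in re.split(r"(?<!\\),", subject):
        attr, _, value = part.partition("=")
        if attr.strip().lower() == "cn":
            return value.strip()
    return None

def decide(user_name, cert_subject, directory):
    """Accept only if CN == User-Name and that user has an entry under BASE_DN."""
    # Assumed behaviour of step 2: certificate CN must equal the User-Name.
    if cert_cn(cert_subject) != user_name:
        return "reject: certificate CN does not match User-Name"
    # Model of step 1: the uid search is limited to entries below the base DN.
    for dn in directory.get(user_name, []):
        if is_under(dn, BASE_DN):
            return "accept"
    return "reject: no entry for user under base DN"

# Constructed sample directory: uid -> entry DNs.
DIRECTORY = {
    "alice": ["uid=alice,ou=people,ou=WLAN,o=myCompny,c=com"],
    "bob": ["uid=bob,ou=People,ou=vpn,o=myCompny,c=com"],
}
```

Both checks are needed together: the CN match ties the certificate to the User-Name, and the base DN limits which User-Names exist at all.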