Edgar Fuß wrote: > I thought this was a FAQ but apparently it isn't. > > I have an 1.1.7 FreeRADIUS server up and running with EAP/TLS. > Now, I would like to put clients into different VLANs based on who signed > their certificate. > Is there a way to set the Tunnel-Private-Group-Id attribute based on the > certificate issuer? Is the Rlm_eap module able to export any information > on the certificate chain? > > Switching to 2.1.1 wouldn't be a problem for me I suppose.
This isn't supported right now. There is no way to access the certificate chain. There were some patches to enable some of this, but they haven't been integrated into the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
