Dear all,

1-2 years ago this topic was discussed and there was a patch by Matthew Newton that was approved for the master branch.

I'm now facing the difficulty of accepting/rejecting requests based on the contents of the TLS-Client-Cert for 2.1.12, which does not contain this patch. This is done in an exec module script in the authorize section which needs to decide on the request information and the certificate data whether to allow or disallow access.

Other than applying this patch to 2.1.12 or switching to master, is there any other way to use the binaries of 2.1.12 and still be able to use the client certificate date in the exec script?

The reason I'm not simply applying the patch is that this system is covered by support by Red Hat and replacing the vendor shipped freeradius (2.1.12) with a self-compiled one voids the support. So any other solution that would allow me to keep the system under support and still be able to check the cert's Subject/CN would be great!

Some more details for anyone interested: The RADIUS client is an AP and the devices are Wifi clients like Android, iPads, laptops etc. with client certificates. Some devices should be allowed to access some SSIDs and others are not. freeradius gets the certificate and needs to extract the embedded username (which is just the device's serial number and displayed in the logs as BUF-name) for checking whether this device is allowed to connect to this SSID. The decision is made in an exec module in the authorize section, but I cannot pass any certificate information to it for checking.

Thanks, Axel.
--
Axel.Thimm at ATrpms.net