[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: authorization policy based on cert issuer
From:       Phil Mayers <p.mayers () imperial ! ac ! uk>
Date:       2011-11-25 15:49:34
Message-ID: 4ECFB90E.2040109 () imperial ! ac ! uk
[Download RAW message or body]

On 25/11/11 13:59, Edgar Fu=DF wrote:
> Seems that I'm slowly getting it.
>
>> To authorize subscriber you should make a decision based on both
>> subscriber profile and authentication result. This is what
>> post-auth section does. Put your authorization policies in this
>> section.
> So do I understand this correctly: if I, for example, want to put a
> client into a VLAN according to the EAP-TLS certificate issuer, the
> recommended way to to that is to use unlang to check
> %Client-Cert-Issuer in the post-auth section and use the "update
> reply" command to set the Tunnel-Private-Group-Id reply attribute? -

Yes, exactly so.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h=
tml
[prev in list] [next in list] [prev in thread] [next in thread]