List: freeradius-users
Subject: Re: FreeRadius EAP-TLS Auth using Email Address
From: Alan DeKok <aland () deployingradius ! com>
Date: 2024-01-31 12:21:25
Message-ID: 2F4269FC-7949-4DBF-A8CA-A6B03365717C () deployingradius ! com
On Jan 31, 2024, at 6:57 AM, LOWES, Phil (LEICESTERSHIRE PARTNERSHIP NHS TRUST) via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
>
> We have a requirement to authenticate devices to WIFI using the user's email address stored in AD. The devices are enrolled into InTune and the only shared piece of information is the email address.
> How can I change FreeRadius to authenticate using the email address instead of the username?
That question is a bit confused.
The server gets a User-Name attribute in an Access-Request. That User-Name contains some value. FreeRADIUS typically looks that value up in a database, and then gets a password back from that.
FreeRADIUS then uses the password to authenticate the user.
> Do I need to perform some form of LDAPSearch using the email address to get the username?
Perhaps. Or, maybe you can modify the LDAP queries to find an account where the email address in the DB matches the User-Name.
i.e. break the problem into discrete bits of information, and then connect them together. Run small tests to verify what you can do.
Can you look up the email address in LDAP, and get a user ID? Or can you use the email address to get a matching password?
> Will this work with EAP authentication using SSL certs? The SSL certs are created OnPrem and use the email address.
If you're using EAP-TLS, then it doesn't use or check passwords.
Alan DeKok.
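
[Added example, not part of the original message and not FreeRADIUS code: a small offline test of the "look up the email address in LDAP, and get a user ID" step, showing RFC 4515 escaping of the User-Name before it goes into a filter and refusing an address that maps to more than one account. The attribute names (mail, sAMAccountName, objectClass=user), the function names and the sample entries are assumptions.]

```python
# Added example: map an e-mail-style User-Name to exactly one directory account.
# Attribute names (mail, sAMAccountName) and the sample entries are assumptions.

# RFC 4515 section 3: characters that must be written as \XX in a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a string so it can only ever be a literal value in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def mail_filter(user_name):
    """Build the search filter for the account whose mail equals User-Name."""
    return "(&(objectClass=user)(mail=%s))" % escape_filter_value(user_name)


def unique_account(entries):
    """Return the account name only when the search matched exactly one entry.

    Zero matches means an unknown user; several matches means the address is
    shared, and picking one of them would authorise the wrong account.
    """
    if len(entries) != 1:
        return None
    return entries[0]["sAMAccountName"]


def search(directory, user_name):
    """Stand-in for an LDAP equality search on mail (case-insensitive)."""
    return [e for e in directory if e["mail"].lower() == user_name.lower()]


# Constructed sample data, not taken from the thread.
DIRECTORY = [
    {"sAMAccountName": "jsmith", "mail": "jane.smith@example.org"},
    {"sAMAccountName": "ward7a", "mail": "ward7@example.org"},
    {"sAMAccountName": "ward7b", "mail": "ward7@example.org"},
]

if __name__ == "__main__":
    for name in ("Jane.Smith@example.org", "ward7@example.org", "*@example.org"):
        print(name, "->", mail_filter(name), unique_account(search(DIRECTORY, name)))
```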