Freeradius TLS #1900

Merged
merged 5 commits into from Oct 14, 2020

schreibubi
Contributor

Add support for TLS and implement common name checking on certificates. Allow additional characters in the usernames, since those are required for this use-case.

@mimugmail
Member

What happens on your side if you only set TLS and do not enable the new checkbox?

@mimugmail
Member

Forget it, had reread the old template, good one 👍

Member

@mimugmail mimugmail left a comment

Looks good, thx!
Would you mind doing a version bump in Makefile and adding a changelog in pkg-descr?

@fichtner fichtner self-assigned this Jul 18, 2020
@schreibubi
Contributor Author

Sure, will do the Makefile and pkg-descr update.

Freeradius allows to have e-mail addresses as usernames.
Windows authenticates machines with host/ prefixed to the username, thus need to
allow specifying usernames containing '/'.
@schreibubi
Contributor Author

Any chance of getting this merged?

@mimugmail
Member

@fichtner any chance to get this merged too? no need for stable with 20.7.4

@fichtner fichtner merged commit df263e5 into opnsense:master Oct 14, 2020
@fichtner
Member

Merged, thanks!

@mimugmail
Member

@schreibubi are you still using this feature? I think this is broken since 22.7.8 which introduces FR 3.2.1.
The default changed a bit which might be the error:

https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/sites-available/check-eap-tls#L66

@schreibubi
Contributor Author

@mimugmail This is a bug in FR3.2.1, see my bug report here: FreeRADIUS/freeradius-server#4820
It was fixed already, but will be only available in the next release.
In the meantime you can disable Freeradius -> EAP -> Check TLS Common-Name to have it working again.

@mimugmail
Member

You
Are
Awesome
:)
