3.10.36. EAPTLS_NoCheckId Previous topic Parent topic Child topic Next topic

For EAP-TLS authentication, this optional parameter prevents matching the User-Name to certificate CN or subjectAltName and then using the matched value to fetch the user from the user database. EAPTLS_CommonNameHook and EAPTLSRewriteCertificateCommonName are not run and the user's check and reply attributes are not applied because no user lookup is done. This allows Radiator to mimic the behaviour of some other RADIUS servers.
The certificate will be accepted based only on the validity dates and the verification chain to the root certificate. EAPTLS_OCSPCheck is allowed and EAPTLS_CertificateVerifyHook is run.