hostapd.eap_user partial matching of username.

Alexis Salinas asalinas
Thu Aug 13 10:18:05 PDT 2015

Hello list,
I'm testing hostapd's RADIUS functionality using EAP-TLS. Everything works (clients get authenticated) when I use either * or the full SAN (Subject Alt Name) as username e.g. "laptop1 at"

I'm wondering if it is possible to do partial matching of the SAN, something like * So that all machines with a SAN containing the domain "" would be authenticated without having to list them individually. (   "laptop1 at",   "laptop2 at" )

Alternatively, can one use a partial DN as the username? e.g the value of OU=group1 or O=example.


More information about the Hostap mailing list