about "freeradius accepts anybody"
Sergio Yébenes Moreno
sergioyebenes at alumnos.upm.es
Fri Jul 11 12:36:59 CEST 2008
Ivan Kalik escribió:
>> file autorizados contains this
>> "user1" Cleartext-Password := ""
>> Reply-Message = "Autorizando....."
>> Fall-Through = No
>>
>
> That's not going to work. You can't make EAP-TLS use passwords.
>
> That's work
>> I had to make this because I'm not the signer of client certificates,
>> only for server.
>>
>
> What are people with certificates that you haven't issued doing on your
> network? If you are accepting users from another organization, proxy
> requests to their home server. But if you are to maintain control over
> who gets access to your network you should tell people to use PEAP and
> give them usernames/passwords that you will store in autorizados file.
>
I have to use eap-tls. It's very simple. I have a CA to sign server cert
and a public CA in Spain signs clients cert. Welcome to PKI
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> __________ Información de NOD32, revisión 3257 (20080710) __________
>
> Este mensaje ha sido analizado con NOD32 antivirus system
> http://www.nod32.com
>
>
>
>
More information about the Freeradius-Users
mailing list