about "freeradius accepts anybody"
Ivan Kalik
tnt at kalik.net
Thu Jul 10 14:51:02 CEST 2008
>Ok. DNIe gives PUBLIC access control, to a public network (university,
>madrid Wifi (jeje, gallardón va de rey alcalde) etc), Dinamic keys, and
>all in 802.1x and, in consequence, 802.11i. But probably we don't want
>everybody in this network.Surely we hadn't spend money and time issuing
>certificates to clients. Because of this, we have "autorizados" file.
>Then, we only should issue certificates to radius. Clients trust in my
>CA, and radius trust in "ministerio del interior" jejeje, that sings
>certificates for everybody in Spain.
I can see where you are heading with this. You want to use
usernames/passwords *and* check client certificates. Freeradius doesn't
support this. That is called PEAP-EAP-TLS and is supported in
Microsoft-only networks.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list