Fernando escribió:
No. Only if they are in "autorizados" file. I've checked it with wpa_supplicant, changing the "identity" field, but with the same certificate. The certificate are signed by a public CA. Its the DNIe in Spain. Probably you know it. Because of this, I should have a "filter" to users. This is my proyect at university. To use DNIe in my home network aren't in my objectives.let me see... at this time... can all client with a valid certificate gain access to the network?Sergio Yébenes Moreno wrote:Fernando escribió:To use eap-tls with client certs signed by a public CA. Public CA means that I can't do anything with this. But I don't want that everybody comes to my network. I know that my english isn't very clear, but I think it's very simple. Clients are in a public PKI. Servers are in my own PKI. Clients trust in my PKI, servers trust in this public PKI. But servers only authorize some users.I don't understand, what is your goal? Sergio Yébenes Moreno wrote:Using eap-tls we can make a "filter" to users, based on different attibutes (I think). In my case, the "identity" field in wpa_supplicant.conf.Freeradius config: file users contains this ..... ..... $INCLUDE autorizados DEFAULT Auth-Type := Reject Reply-Message = "out" ...... ...... file autorizados contains this "user1" Cleartext-Password := "" Reply-Message = "Autorizando....." Fall-Through = No "user2" ............ ...........I had to make this because I'm not the signer of client certificates, only for server. I hope that somebody will help this.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html__________ Información de NOD32, revisión 3257 (20080710) __________ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html__________ Información de NOD32, revisión 3257 (20080710) __________ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com