first, freeradius looks in users file, and only if client is authorized,
checks DNIe. There aren't any problem, only want to show, maybe help
somebody, and to show Ivan Kalik how clients and servers can trust in
different ca's.
Oh, but I know exactly what you have done. You have created a list of
nonsense user entries in users file and forced Auth-Type Reject on all
the rest. And that has nothing to do with server and client certificates
being issued bu different CA's.
This will work as well:
user1
Fall-Through = No
user2
Fall-Through = No
..
DEFAULT Auth-Type := Reject
What I don't understand is why? If you do trust issuer of those
certificates why are you "filtering"? And if you don't trust the
issuer - why are you using client certificates?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________ Información de NOD32, revisión 3257 (20080710) __________
Este mensaje ha sido analizado con NOD32 antivirus system
http://www.nod32.com