Ok. DNIe gives PUBLIC access control, to a public network (university, madrid Wifi (jeje, gallardón va de rey alcalde) etc), Dinamic keys, and all in 802.1x and, in consequence, 802.11i. But probably we don't want everybody in this network.Surely we hadn't spend money and time issuing certificates to clients. Because of this, we have "autorizados" file. Then, we only should issue certificates to radius. Clients trust in my CA, and radius trust in "ministerio del interior" jejeje, that sings certificates for everybody in Spain.
I can see where you are heading with this. You want to use usernames/passwords *and* check client certificates. Freeradius doesn't support this. That is called PEAP-EAP-TLS and is supported in Microsoft-only networks. Ivan Kalik Kalik Informatika ISP