Hi - Summary - I want/need to configure free radius to allow a TLS user on to the system; without having To authenticate the certs? I am not sure if this is possible, but wanted to ask if there was a way to bypass TLS cert authentication. I did set the Default-auth-type = Accept; got a `Login Ok' response from free radius; but the user still wasn't able to get network entry? Any options? Thanks, Jerry Login OK: [001DE104702B@xohm.com/<no User-Password attribute>] (from client PAYLOAD_SET65537 port 1 cli 001de104702b) Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 43 radius_xlat: '/usr/local/var/log/radius/radacct/192.168.104.41/reply-detail-20081121' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m %d expands to /usr/local/var/log/radius/radacct/192.168.104.41/reply-detail-20081121 modcall[post-auth]: module "reply_log" returns ok for request 43 modcall: leaving group post-auth (returns ok) for request 43 Sending Access-Accept of id 110 to 192.168.104.41 port 33039 Reply-Message = "Default = Accept" Finished request 43 Going to the next request
Jackson Jerry-NPC637 wrote:
Hi -
Summary - I want/need to configure free radius to allow a TLS user on to the system; without having To authenticate the certs? I am not sure if this is possible, but wanted to ask if there was a way to bypass TLS cert authentication.
It's not possible for wireless networks. It might be possible for wired networks. Alan DeKok.
Hi Alan - This is a wireless network. If you have a minute could you explain why this is different between `wireless' & `wired' system? Thanks for your time, Jerry -----Original Message----- From: freeradius-users-bounces+jerry.jackson=motorola.com@lists.freeradius.org [mailto:freeradius-users-bounces+jerry.jackson=motorola.com@lists.freera dius.org] On Behalf Of Alan DeKok Sent: Monday, November 24, 2008 10:36 AM To: FreeRadius users mailing list Subject: Re: question Jackson Jerry-NPC637 wrote:
Hi -
Summary - I want/need to configure free radius to allow a TLS user on to the system; without having To authenticate the certs? I am not sure if this is possible, but wanted to ask if there was a way to bypass TLS cert authentication.
It's not possible for wireless networks. It might be possible for wired networks. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Hi Alan -
This is a wireless network. If you have a minute could you explain why this is different between `wireless' & `wired' system?
for wireless 802.1X the cert is used as part of the securing system to create keyed content to ensure the encryption of the data for wired 802.1X the only time there is any encryption is during the authentication phase - after that, the data channel to the switch is clear - thus no need for any 'real' security to be contructed. with wired you can get away with almost murder....in fact, on some switches you can get away with even worse ;-) alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Jackson Jerry-NPC637