RE: about "freeradius accepts anybody"
first, freeradius looks in users file, and only if client is authorized, checks DNIe. There aren't any problem, only want to show, maybe help somebody, and to show Ivan Kalik how clients and servers can trust in different ca's.
Oh, but I know exactly what you have done. You have created a list of nonsense user entries in users file and forced Auth-Type Reject on all the rest. And that has nothing to do with server and client certificates being issued bu different CA's. This will work as well: user1 Fall-Through = No user2 Fall-Through = No .. DEFAULT Auth-Type := Reject What I don't understand is why? If you do trust issuer of those certificates why are you "filtering"? And if you don't trust the issuer - why are you using client certificates? Ivan Kalik Kalik Informatika ISP
Ivan Kalik escribió:
first, freeradius looks in users file, and only if client is authorized, checks DNIe. There aren't any problem, only want to show, maybe help somebody, and to show Ivan Kalik how clients and servers can trust in different ca's.
Oh, but I know exactly what you have done. You have created a list of nonsense user entries in users file and forced Auth-Type Reject on all the rest. And that has nothing to do with server and client certificates being issued bu different CA's.
This will work as well:
user1 Fall-Through = No
user2 Fall-Through = No
..
DEFAULT Auth-Type := Reject
What I don't understand is why? If you do trust issuer of those certificates why are you "filtering"? And if you don't trust the issuer - why are you using client certificates?
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________ Información de NOD32, revisión 3257 (20080710) __________
Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com
Oh, I'll try this. Really empty password is shit. Thanks
Alan DeKok escribió:
Sergio Yébenes Moreno wrote:
Oh, I'll try this. Really empty password is shit. Thanks
I think it's time for you to be polite.
Cursing at people who are trying to help you is inappropriate.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________ Información de NOD32, revisión 3257 (20080710) __________
Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com
Sorry if I offend anybody. I don't bring bad intentions and my vocabulary is little, I have a word translation web page in favorites,jejeje. but I get upset when somebody refutes something that I'm sure works, because I've checked it. Only because I'm noice in this forum
participants (3)
-
Alan DeKok -
Ivan Kalik -
Sergio Yébenes Moreno