about "freeradius accepts anybody"

Ivan Kalik tnt at kalik.net
Thu Jul 10 00:42:32 CEST 2008


>file autorizados contains this
> "user1"    Cleartext-Password := ""
>                Reply-Message = "Autorizando....."
>                Fall-Through = No

That's not going to work. You can't make EAP-TLS use passwords.

>I had to make this because I'm not the signer of client certificates,
>only for server.

What are people with certificates that you haven't issued doing on your
network? If you are accepting users from another organization, proxy
requests to their home server. But if you are to maintain control over
who gets access to your network you should tell people to use PEAP and
give them usernames/passwords that you will store in autorizados file.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list