about "freeradius accepts anybody"
Sergio Yébenes Moreno
sergioyebenes at alumnos.upm.es
Fri Jul 11 12:47:16 CEST 2008
Fernando wrote:
>
> I don't understand, what is your goal?
>
> Sergio Yébenes Moreno wrote:
>> Using eap-tls we can make a "filter" to users, based on different
>> attributes (I think). In my case, the "identity" field in
>> wpa_supplicant.conf.
>>
>> Freeradius config:
>>
>> file users contains this
>> .....
>> .....
>> $INCLUDE autorizados
>> DEFAULT Auth-Type := Reject
>>         Reply-Message = "out"
>> ......
>> ......
>>
>> file autorizados contains this
>> "user1" Cleartext-Password := ""
>>         Reply-Message = "Autorizando.....",
>>         Fall-Through = No
>> "user2" ............
>> ...........
>>
>> I had to make this because I'm not the signer of client certificates,
>> only for server. I hope that somebody will help this.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
To use eap-tls with client certs signed by a public CA. Public CA means
that I can't do anything with this. But I don't want everybody
to come onto my network. I know that my English isn't very clear, but I
think it's very simple. Clients are in a public PKI. Servers are in my
own PKI. Clients trust my PKI, servers trust this public PKI. But
servers only authorize some users.
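
An added example (not part of the original post, and not FreeRADIUS code): a small Python model of the first-match logic in the quoted `users` and `autorizados` files, extended with a check that the EAP identity equals the client certificate's CN, because the "identity" value in wpa_supplicant.conf is chosen by the client. The sample file contents, the names `parse_users` and `authorize`, and the assumption that the certificate has already validated against the public CA are constructed for illustration.

```python
import re

# Constructed sample: the page's `users` file with `$INCLUDE autorizados` expanded inline.
USERS = '''\
"user1" Cleartext-Password := ""
    Reply-Message = "Autorizando.....",
    Fall-Through = No
"user2" Cleartext-Password := ""
    Fall-Through = No
DEFAULT Auth-Type := Reject
    Reply-Message = "out"
'''

ITEM = re.compile(r'\s*([\w-]+)\s*(?::=|==|=)\s*"?(.*?)"?\s*$')

def _items(text):
    """Parse 'Attr op value, Attr op value' into a dict (no commas inside values)."""
    return {m.group(1): m.group(2)
            for m in map(ITEM.match, filter(str.strip, text.split(","))) if m}

def parse_users(text):
    """Return [(name, check_items, reply_items)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":      # indented line: reply items of the current entry
            entries[-1][2].update(_items(line))
        else:                     # unindented line: entry name, then check items
            name, _, rest = line.partition(" ")
            entries.append((name.strip('"'), _items(rest), {}))
    return entries

def authorize(entries, identity, cert_cn=None, bind_cn=False):
    """Decide on the EAP identity; assumes the cert already chained to the public CA."""
    if bind_cn and identity != cert_cn:
        return "Reject"           # effect of check_cert_cn = %{User-Name} in eap.conf
    for name, check, reply in entries:
        if name in (identity, "DEFAULT"):
            if check.get("Auth-Type") == "Reject":
                return "Reject"
            if reply.get("Fall-Through", "No").lower() != "yes":
                return "Accept"   # first match ends the search
    return "Reject"

if __name__ == "__main__":
    entries = parse_users(USERS)
    for ident, cn in [("user1", "user1"), ("user1", "other-subject"), ("guest", "guest")]:
        print(ident, cn, authorize(entries, ident), authorize(entries, ident, cn, True))
```

With `bind_cn=False` the decision depends only on the identity string; with `bind_cn=True` a listed identity is accepted only when the certificate's CN carries the same name.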