about "freeradius accepts anybody"
Fernando
fbernal at um.es
Thu Jul 10 12:53:03 CEST 2008
Let me see... at this time... can all clients with a valid certificate
gain access to the network?
Sergio Yébenes Moreno wrote:
> Fernando wrote:
>>
>> I don't understand, what is your goal?
>>
>> Sergio Yébenes Moreno wrote:
>>> Using eap-tls we can make a "filter" for users, based on different
>>> attributes (I think). In my case, the "identity" field in
>>> wpa_supplicant.conf.
>>>
>>> Freeradius config:
>>>
>>> file users contains this
>>> .....
>>> .....
>>> $INCLUDE autorizados
>>> DEFAULT Auth-Type := Reject
>>>         Reply-Message = "out"
>>> ......
>>> ......
>>>
>>> file autorizados contains this
>>> "user1" Cleartext-Password := ""
>>>         Reply-Message = "Autorizando.....",
>>>         Fall-Through = No
>>> "user2" ............
>>> ...........
>>>
>>> I had to do this because I'm not the signer of the client
>>> certificates, only for the server. I hope that somebody will help this.
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
> To use eap-tls with client certs signed by a public CA. Public CA
> means that I can't do anything with this. But I don't want
> everybody to come onto my network. I know that my English isn't very
> clear, but I think it's very simple. Clients are in a public PKI.
> Servers are in my own PKI. Clients trust my PKI, servers trust
> this public PKI. But servers only authorize some users.
>
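Added example, not part of the original thread or of FreeRADIUS itself: a simplified Python model of the allowlist described above, showing the access decision when the filter keys only on the client-chosen EAP identity and when the identity must also equal the CN of the validated certificate (the binding that FreeRADIUS exposes as `check_cert_cn` in the `tls` section of eap.conf). The sample file contents, the sample names and the `bind_cn` switch are constructed for illustration.

```python
import re

# Constructed sample in the layout of the thread's "autorizados" + "users" files.
USERS_FILE = '''\
"user1" Cleartext-Password := ""
    Reply-Message = "Autorizando.....",
    Fall-Through = No
"user2" Cleartext-Password := ""
    Reply-Message = "Autorizando.....",
    Fall-Through = No
DEFAULT Auth-Type := Reject
    Reply-Message = "out"
'''

def parse_users(text):
    """Return [(name, check_items)] per entry; indented lines are reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or line[0] in " \t":
            continue
        m = re.match(r'"?([^"\s]+)"?\s*(.*)', line)
        entries.append((m.group(1), m.group(2)))
    return entries

def authorize(entries, identity, cert_cn, bind_cn=False):
    """Decide access for a client whose certificate already passed CA validation.

    identity: EAP identity from wpa_supplicant.conf (chosen by the client).
    cert_cn:  subject CN of the validated client certificate.
    bind_cn:  hypothetical switch modelling a check that identity == cert CN.
    """
    if bind_cn and identity != cert_cn:
        return False
    for name, check in entries:  # first match wins (Fall-Through = No)
        if name == identity or name == "DEFAULT":
            return "Auth-Type := Reject" not in check
    return False

if __name__ == "__main__":
    entries = parse_users(USERS_FILE)
    for ident, cn in [("user1", "user1"), ("visitor", "visitor"), ("user1", "visitor")]:
        print(ident, cn, authorize(entries, ident, cn),
              authorize(entries, ident, cn, bind_cn=True))
```

The third pair is the case behind the question at the top of the thread: the identity-only filter accepts it, the CN-bound check does not.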
More information about the Freeradius-Users
mailing list