about "freeradius accepts anybody"
Ivan Kalik
tnt at kalik.net
Thu Jul 10 15:41:41 CEST 2008
>first, freeradius looks in users file, and only if client is authorized,
>checks DNIe. There aren't any problem, only want to show, maybe help
>somebody, and to show Ivan Kalik how clients and servers can trust in
>different ca's.
Oh, but I know exactly what you have done. You have created a list of
nonsense user entries in users file and forced Auth-Type Reject on all
the rest. And that has nothing to do with server and client certificates
being issued bu different CA's.
This will work as well:
user1
Fall-Through = No
user2
Fall-Through = No
..
DEFAULT Auth-Type := Reject
What I don't understand is why? If you do trust issuer of those
certificates why are you "filtering"? And if you don't trust the
issuer - why are you using client certificates?
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list