about "freeradius accepts anybody"

Ivan Kalik tnt at kalik.net
Thu Jul 10 15:41:41 CEST 2008

>first, freeradius looks in users file, and only if client is authorized, 
>checks DNIe. There aren't any problem, only want to show, maybe help 
>somebody, and to show Ivan Kalik how clients and servers can trust in 
>different ca's. 

Oh, but I know exactly what you have done. You have created a list of
nonsense user entries in users file and forced Auth-Type Reject on all
the rest. And that has nothing to do with server and client certificates
being issued bu different CA's.

This will work as well:

            Fall-Through = No

            Fall-Through = No


DEFAULT   Auth-Type := Reject

What I don't understand is why? If you do trust issuer of those
certificates why are you "filtering"? And if you don't trust the
issuer - why are you using client certificates?

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list