about "freeradius accepts anybody"
Sergio
sergioyebenes at alumnos.upm.es
Sat Jul 12 19:20:50 CEST 2008
Ivan Kalik wrote:
>> "AUTENTICACIÓN" is a suffix of user-name, but only for those
>> certificates that are subordinated to FNMT ca. "NOMBRE" is a prefix of
>> user-name which have DNIe, subordinated to another ca. I want to
>> configure two virtual servers based on these details, if I can.
>>
>
> OK. I had a look and found out that these are not really user
> certificates but electronic ID cards.
>
> Since you won't know which of the two authorities issued an ID card for
> your user (they probably could have both and use one today and another
> one tomorrow), you should duplicate your filtering user entries in users
> file: one with prefix, one with suffix.
>
> You should have several hundred user entries in users file so doubling
> them will have very little impact on performance. But for every change
> to users file you will need to restart the server (AFAIK HUP-ing is
> still not recommended).
>
> Ivan Kalik
> Kalik Informatika ISP
>
Wow. I'm authenticating users from both CAs in the same server, just by
configuring two eap modules () and changing all references to the eap module
in sites-enabled/default. I've commented out the $INCLUDE proxy.conf in
radiusd.conf because I didn't need it, but I have problems with
sites-enabled/inner-tunnel. I need neither PEAP nor TTLS, so I've
just moved this file to another directory because it's included by
$INCLUDE sites-enabled/. I think it's a brute change... and you?
Thanks