Sergio wrote:
Fernando wrote:
Sergio Yébenes Moreno wrote:
Ivan Kalik wrote:
Ok. DNIe gives PUBLIC access control, to a public network (university, Madrid Wifi (hehe, Gallardón plays the king mayor), etc.), dynamic keys, and all in 802.1x and, in consequence, 802.11i. But probably we don't want everybody in this network. Surely we hadn't spent money and time issuing certificates to clients. Because of this, we have the "autorizados" file. Then, we only should issue certificates to radius. Clients trust in my CA, and radius trusts in "ministerio del interior" hehehe, that signs certificates for everybody in Spain.

I can see where you are heading with this. You want to use
usernames/passwords *and* check client certificates. Freeradius doesn't
support this. That is called PEAP-EAP-TLS and is supported in
Microsoft-only networks.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__________ NOD32 information, revision 3257 (20080710) __________

This message has been scanned by NOD32 antivirus system
http://www.nod32.com



I don't want to use passwords. I only want to use what is working at this time: public domain eap-tls, but only for students of a university, for example. Probably there are better methods to do this, but this works. I promise... "identity" field in wpa_supplicant and cert's "commonName" in winXP clients. Now I want to set up 3 virtual servers, one for DNIe and one for another public CA (FNMT) that has less range than DNIe. I'd like to ask you, if you know: the "authorize" section supports unlang and we can use User-Name, for example, to authenticate in any virtual server. I suspect that I can't do this based on the signer of the client certificate. The point is that the common name in certificates signed by FNMT comes with a well-known prefix, and the DNIe CommonName comes with a well-known suffix. I don't know how to begin... hints file, sites-enabled, regular expressions... Freeradius virtual servers documentation shows virtual servers based on IP, access points, server pools, but nothing about user credentials...

mmmm... Do you want to authenticate people at different servers? Use a proxy.


CLIENT ------------------> PROXY RADIUS ------------------> DNIe AUTH ------------------> MY CA AUTH

ok?





mmmmm I see that I can authenticate users to different servers, based on the domain of user-name, using radius as a proxy. But I have an "(AUTENTICACIÓN)" suffix for some users and a "NOMBRE" prefix for the others. I think this will make me spend some time...
Thanks Fernando

mmmm I don't understand... put an example :). What do you mean with "AUTENTICACION" and "NOMBRE"?
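The CN-based routing discussed in this thread (FNMT common names with a known prefix, DNIe common names with a known suffix), sketched as an added Python example that is not part of the original messages and is not FreeRADIUS code. The server names `dnie` and `fnmt` and the sample CNs are constructed assumptions; the two markers are the ones quoted in the thread.

```python
import re
import unicodedata

# Markers quoted in the thread, stored accent-free because the thread itself
# spells the suffix both as "(AUTENTICACIÓN)" and "AUTENTICACION".
DNIE_SUFFIX = "(AUTENTICACION)"
FNMT_PREFIX = "NOMBRE "

def normalize(cn):
    """Strip accents, collapse whitespace and upper-case a common name so that
    precomposed, combining-mark and unaccented spellings compare equal."""
    decomposed = unicodedata.normalize("NFKD", cn)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return re.sub(r"\s+", " ", no_marks).strip().upper()

def select_server(cn):
    """Return the hypothetical virtual-server name for a CN, or None to reject.

    The CN arrives as the EAP identity, which the client chooses freely, so
    this only picks which CA the request is checked against. The selected
    server must still validate the certificate chain against that CA and
    compare the certificate's own CN with the identity."""
    n = normalize(cn)
    is_dnie = n.endswith(DNIE_SUFFIX)
    is_fnmt = n.startswith(FNMT_PREFIX)
    if is_dnie == is_fnmt:
        # Neither marker present, or both at once: refuse rather than guess.
        return None
    return "dnie" if is_dnie else "fnmt"

# Constructed sample identities (not real certificate subjects).
SAMPLES = [
    "GARCIA LOPEZ, ANA (AUTENTICACIÓN)",
    "garcia lopez, ana (autenticacio\u0301n)",   # combining accent, lower case
    "NOMBRE GARCIA LOPEZ ANA - NIF 00000000T",
    "student42",
    "NOMBRE GARCIA LOPEZ ANA (AUTENTICACIÓN)",    # carries both markers
]

if __name__ == "__main__":
    for cn in SAMPLES:
        print(f"{cn!r:50} -> {select_server(cn)}")
```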
