Ivan Kalik escribió:
"AUTENTICACIÓN" is a suffix of user-name, but only for those
certificates that are subordinated to FNMT ca. "NOMBRE" is a prefix of
user-name which have DNIe, subordinated to another ca. I want to
configure two virtual servers based on this details, if I can.
OK. I had a look and found out that these are not really user
certificates but electronic ID cards.
Since you won't know which of the two authorities issued an ID card for
your user (they probably could have both and use one today and another
one tomorrow), you should duplicate your filtering user entries in users
file: one with prefix, one with suffix.
You should have several hunderd user entries in users file so doubling
them will have very little impact on performance. But for every change
to users file you will need to restart the server (AFAIK HUP-ing is
still not recommended).
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________ Información de NOD32, revisión 3260 (20080710) __________
Este mensaje ha sido analizado con NOD32 antivirus system
http://www.nod32.com
Wow. I'm authenticating users from both ca's in the same server, just
configuring two eap modules () and changing all references to eap module
into sites-enabled/default. I've commented the $INCLUDE proxy.conf in
radiusd.conf because I didn't need it but I have problems with
sites-enabled/inner-tunnel. I don't need neither PEAP and TTLS so I've
just moved this file to another directory because it's included in
$INCLUDE sites-enabled/. I think it's a brute change.....and you?
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
