Hmm, but EAPTLS_NoCheckId also doesn't check that the cert name matches the computer name. Seems like I would want the cert name checked? Is there a way I can still check the cert name?
Sorry to have so many questions.

Thanks,
Joy

On 12/8/11 5:26 PM, "Heikki Vatiainen" <h...@open.com.au> wrote:

>On 12/09/2011 12:15 AM, Joy Veronneau wrote:
>
>> But if I do that, I will still have to have the names of the machines in
>> the tls_anon file, wouldn't I?
>
>Good point, I overlooked that part. Please see ref.pdf section "5.20.46
>EAPTLS_NoCheckId". You can turn off the name check.
>
>Thanks!
>Heikki
>
>> Thanks,
>>
>> Joy
>>
>> On 12/8/11 5:07 PM, "Heikki Vatiainen" <h...@open.com.au> wrote:
>>
>>> On 12/07/2011 11:42 PM, Joy Veronneau wrote:
>>>
>>> Hello Joy,
>>>
>>>> I am still working on my machine based authentication config.
>>>>
>>>> Config1 (below) works fine but requires that the names of the machines
>>>> be listed in the file tls_anon.
>>>
>>> Try with something like this:
>>> <Handler ...>
>>>     AuthByPolicy ContinueWhileAccept
>>>     AuthBy file-tls
>>>     AuthBy external-adcert
>>> </Handler>
>>>
>>> With the above EAP-TLS will run first and when it is done and returns
>>> ACCEPT, the AuthBy EXTERNAL extra check will run determining the outcome
>>> of the whole authentication process.
>>>
>>> Please let us know of your results

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator