Fernando escribió:
Sergio wrote:
Fernando escribió:
Sergio Yébenes Moreno wrote:
Ivan Kalik escribió:
Ok. DNIe gives PUBLIC access control, to a public network
(university, madrid Wifi (jeje, gallardón va de rey alcalde)
etc), Dinamic keys, and all in 802.1x and, in consequence,
802.11i.
Sergio wrote:
Fernando escribió:
Sergio wrote:
Fernando escribió:
Sergio Yébenes Moreno wrote:
Ivan Kalik escribió:
Ok. DNIe gives PUBLIC access control, to a public network
(university, madrid Wifi (jeje, gallardón va de rey alcalde)
etc), Dinamic keys, and all in 802.1x and, in
AUTENTICACIÓN is a suffix of user-name, but only for those
certificates that are subordinated to FNMT ca. NOMBRE is a prefix of
user-name which have DNIe, subordinated to another ca. I want to
configure two virtual servers based on this details, if I can.
OK. I had a look and found out that
Ivan Kalik escribió:
AUTENTICACIÓN is a suffix of user-name, but only for those
certificates that are subordinated to FNMT ca. NOMBRE is a prefix of
user-name which have DNIe, subordinated to another ca. I want to
configure two virtual servers based on this details, if I can.
OK. I had
Ivan Kalik escribió:
AUTENTICACIÓN is a suffix of user-name, but only for those
certificates that are subordinated to FNMT ca. NOMBRE is a prefix of
user-name which have DNIe, subordinated to another ca. I want to
configure two virtual servers based on this details, if I can.
OK. I had
I don't understand, what is your goal?
Sergio Yébenes Moreno wrote:
Using eap-tls we can make a filter to users, based on different
attibutes (I think). In my case, the identity field in
wpa_supplicant.conf.
Freeradius config:
file users contains this
.
.
$INCLUDE autorizados
Ivan Kalik escribió:
file autorizados contains this
user1Cleartext-Password :=
Reply-Message = Autorizando.
Fall-Through = No
That's not going to work. You can't make EAP-TLS use passwords.
That's work
I had to make this because I'm not the signer
Fernando escribió:
I don't understand, what is your goal?
Sergio Yébenes Moreno wrote:
Using eap-tls we can make a filter to users, based on different
attibutes (I think). In my case, the identity field in
wpa_supplicant.conf.
Freeradius config:
file users contains this
.
.
let me see... at this time... can all client with a valid certificate
gain access to the network?
Sergio Yébenes Moreno wrote:
Fernando escribió:
I don't understand, what is your goal?
Sergio Yébenes Moreno wrote:
Using eap-tls we can make a filter to users, based on different
Fernando escribió:
let me see... at this time... can all client with a valid
certificate gain access to the network?
Sergio Yébenes Moreno wrote:
Fernando escribió:
I don't understand, what is your goal?
Sergio Yébenes Moreno wrote:
Using eap-tls we can make a filter to users, based
Fernando escribió:
let me see... at this time... can all client with a valid
certificate gain access to the network?
Sergio Yébenes Moreno wrote:
Fernando escribió:
I don't understand, what is your goal?
Sergio Yébenes Moreno wrote:
Using eap-tls we can make a filter to users, based
Sergio Yébenes Moreno wrote:
Fernando escribió:
let me see... at this time... can all client with a valid
certificate gain access to the network?
Sergio Yébenes Moreno wrote:
Fernando escribió:
I don't understand, what is your goal?
Sergio Yébenes Moreno wrote:
Using eap-tls we can
Ok. DNIe gives PUBLIC access control, to a public network (university,
madrid Wifi (jeje, gallardón va de rey alcalde) etc), Dinamic keys, and
all in 802.1x and, in consequence, 802.11i. But probably we don't want
everybody in this network.Surely we hadn't spend money and time issuing
Fernando escribió:
Sergio Yébenes Moreno wrote:
Fernando escribió:
let me see... at this time... can all client with a valid
certificate gain access to the network?
Sergio Yébenes Moreno wrote:
Fernando escribió:
I don't understand, what is your goal?
Sergio Yébenes Moreno wrote:
Sergio Yébenes Moreno wrote:
I don't want to use passwords.
Then why did the configurations you posted use passwords?
Now I want to put 3 virtual server, one for DNIe and one for another
public CA (FNMT) that have less range than DNIe. I'd like to ask you, if
you know. authorize section
first, freeradius looks in users file, and only if client is authorized,
checks DNIe. There aren't any problem, only want to show, maybe help
somebody, and to show Ivan Kalik how clients and servers can trust in
different ca's.
Oh, but I know exactly what you have done. You have created a
Sergio Yébenes Moreno wrote:
Ivan Kalik escribió:
Ok. DNIe gives PUBLIC access control, to a public network
(university, madrid Wifi (jeje, gallardón va de rey alcalde) etc),
Dinamic keys, and all in 802.1x and, in consequence, 802.11i. But
probably we don't want everybody in this
Alan DeKok escribió:
Sergio Yébenes Moreno wrote:
I don't want to use passwords.
Then why did the configurations you posted use passwords?
Now I want to put 3 virtual server, one for DNIe and one for another
public CA (FNMT) that have less range than DNIe. I'd like to ask you,
Ivan Kalik escribió:
first, freeradius looks in users file, and only if client is authorized,
checks DNIe. There aren't any problem, only want to show, maybe help
somebody, and to show Ivan Kalik how clients and servers can trust in
different ca's.
Oh, but I know exactly what you have
Sergio Yébenes Moreno wrote:
Oh, I'll try this. Really empty password is shit. Thanks
I think it's time for you to be polite.
Cursing at people who are trying to help you is inappropriate.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sergio Yébenes Moreno wrote:
If I don't put Cleartext-Password := field (!!!), the user always
be rejected. Can anybody to explain this?
Read the debug output as suggested in the FAQ, README, INSTALL, and
daily on this list.
It's not hard.
Alan DeKok.
-
List
Fernando escribió:
Sergio Yébenes Moreno wrote:
Ivan Kalik escribió:
Ok. DNIe gives PUBLIC access control, to a public network
(university, madrid Wifi (jeje, gallardón va de rey alcalde) etc),
Dinamic keys, and all in 802.1x and, in consequence, 802.11i. But
probably we don't want everybody
Alan DeKok escribió:
Sergio Yébenes Moreno wrote:
Oh, I'll try this. Really empty password is shit. Thanks
I think it's time for you to be polite.
Cursing at people who are trying to help you is inappropriate.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Fernando escribió:
Sergio Yébenes Moreno wrote:
Ivan Kalik escribió:
Ok. DNIe gives PUBLIC access control, to a public network
(university, madrid Wifi (jeje, gallardón va de rey alcalde) etc),
Dinamic keys, and all in 802.1x and, in consequence, 802.11i. But
probably we don't want everybody
If I don't put Cleartext-Password := field (!!!), the user always be
rejected. Can anybody to explain this?I haven't tried with some
password, because results me ridiculous, I haven't configure any password for
clients...
Let's put that to the test. Put the username that you
Ivan Kalik escribió:
If I don't put Cleartext-Password := field (!!!), the user always be
rejected. Can anybody to explain this?I haven't tried with some password, because
results me ridiculous, I haven't configure any password for clients...
Let's put that to the test. Put
The situation that you exposed logically works. But I can't authorize
all users in spite of having a valid certificate, because the public
PKI.
.. what? You can authenticate some users (which) - what's the problem
with the others?
Then, users file:
...
user1
.
user2
.
Ivan Kalik escribió:
The situation that you exposed logically works. But I can't authorize
all users in spite of having a valid certificate, because the public
PKI.
.. what? You can authenticate some users (which) - what's the problem
with the others?
Any problem now
Then,
file autorizados contains this
user1Cleartext-Password :=
Reply-Message = Autorizando.
Fall-Through = No
That's not going to work. You can't make EAP-TLS use passwords.
I had to make this because I'm not the signer of client certificates,
only for
29 matches
Mail list logo