Artur Hecker [EMAIL PROTECTED] wrote:
well, theoretically, it needs a signing capacity (represented by an
included extension) to do this. anyway, in my config the client
certificates are _not_ signed by this one, they are - of course - signed
by the private key of the CA... as ANY
ok, i've got it.
obviously, i thought you were talking about a new possibility. always
interested... :-)
thanks
artur
Alan DeKok wrote:
Artur Hecker [EMAIL PROTECTED] wrote:
well, theoretically, it needs a signing capacity (represented by an
included extension) to do this. anyway, in my config
BLANCA FERRERO RODRIGUEZ [EMAIL PROTECTED] wrote:
I'm trying authentication with eap/tls. It works properly but my
doubt is: if I try to connect with a user called 'proof' for example
and it is not included in my users file, should it be allowed to
connect to the network despite having a
BLANCA FERRERO RODRIGUEZ [EMAIL PROTECTED] wrote:
so if a user with a correct certificate tries to authenticate
against radius although it is not in the users file will it have
access to the network?
That's what I said.
is there any way that I can control this
access of users with the
is there any way that I can control this
access of users with the users file although they have a correct
cert?
Yes. Tell the server to reject the user.
sorry to insist but could you tell me how to do this exactly?
bfr
-
List info/subscribe/unsubscribe? See
hi
BLANCA FERRERO RODRIGUEZ wrote:
is there any way that I can control this
access of users with the users file although they have a correct
cert?
sorry to insist but could you tell me how to do this exactly?
you should add a default behaviour which is reject, ie. a DEFAULT entry
with
hi Alan
Yes. The users file is just one form of controlling user access.
You can store users in SQL, LDAP, or in signed certificates.
i have a silly question: which signed certificates? do you have more
info on this?
ciao
artur
--
Artur Hecker
artur[at]hecker.info
Artur Hecker [EMAIL PROTECTED] wrote:
i have a silly question: which signed certificates? do you have more
info on this?
EAP-TLS. If the certificate supplied by the user is signed by the
certificate FreeRADIUS is using, then it assumes that the user is OK.
Alan DeKok.
hi alan
EAP-TLS. If the certificate supplied by the user is signed by the
certificate FreeRADIUS is using, then it assumes that the user is OK.
if i understand you correctly, you describe a case where the CA-root
certificate and the server certificates are one and the same, don't you?
why
Artur Hecker [EMAIL PROTECTED] wrote:
if i understand you correctly, you describe a case where the CA-root
certificate and the server certificates are one and the same, don't you?
No, but where the client certificates are signed by the server
certificate.
In that case, the server (through
Artur Hecker [EMAIL PROTECTED] wrote:
oh.. so theoretically the server needs a special server certificate
enabling it to sign something, right? (with the right extensions, etc.)
Yes. See the tls{} configuration. It points to a server
certificate. The client certificates are signed with
Frédéric EVRARD [EMAIL PROTECTED] wrote:
Yes. See the tls{} configuration. It points to a server
certificate. The client certificates are signed with this certificate.
And then for what the root certificate is used on client side ??
So the client knows it's
I'm trying authentication with eap/tls. It works properly but my doubt is: if I try to
connect with a user called 'proof' for example and it is not included in my users
file, should it be allowed to connect to the network despite having a correct
certificate? if not what am I doing wrong