>Ok. DNIe gives PUBLIC access control, to a public network (university, >madrid Wifi (jeje, gallardón va de rey alcalde) etc), Dinamic keys, and >all in 802.1x and, in consequence, 802.11i. But probably we don't want >everybody in this network.Surely we hadn't spend money and time issuing >certificates to clients. Because of this, we have "autorizados" file. >Then, we only should issue certificates to radius. Clients trust in my >CA, and radius trust in "ministerio del interior" jejeje, that sings >certificates for everybody in Spain.
I can see where you are heading with this. You want to use usernames/passwords *and* check client certificates. Freeradius doesn't support this. That is called PEAP-EAP-TLS and is supported in Microsoft-only networks. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
