Ivan Kalik escribió:
first, freeradius looks in users file, and only if client is authorized, checks DNIe. There aren't any problem, only want to show, maybe help somebody, and to show Ivan Kalik how clients and servers can trust in different ca's.Oh, but I know exactly what you have done. You have created a list of nonsense user entries in users file and forced Auth-Type Reject on all the rest. And that has nothing to do with server and client certificates being issued bu different CA's. This will work as well: user1 Fall-Through = No user2 Fall-Through = No .. DEFAULT Auth-Type := Reject What I don't understand is why? If you do trust issuer of those certificates why are you "filtering"? And if you don't trust the issuer - why are you using client certificates? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ Información de NOD32, revisión 3257 (20080710) __________ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com
Oh, I'll try this. Really empty password is shit. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
