Is it possible to have multiple email addresses in the "rightid" parameter? Maybe I can list all authorized users for each server instead of relying on Distinguished Names?

On Wed, 3 Oct 2018 at 08:42, Matthieu Nantern <matthieu.nant...@margo.com> wrote:

> Hi!
>
> I installed StrongSwan to allow my users (mainly Mac OS X clients) to use
> the native ikev2 authentication. Everything is working fine.
>
> Now I would like to implement something like that:
> https://www.strongswan.org/testing/testresults/ikev2/wildcards/index.html
> allowing some clients to access some networks and not the others.
>
> Unfortunately I didn't see (or understand) the issue on that page
> (https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile):
>
> > - ASN.1 Distinguished Names can't be used as identities because the
> >   client currently sends them as identities of type FQDN.
>
> As a result, when I put rightid in my configuration it's not working
> because Mac OS X is only sending an FQDN (an email address in my case) and not
> the Distinguished Name.
>
> My question is: how can I allow (or deny) some network to some user?
>
> I have a file that associates email addresses to "role" but I don't know how
> to use it. Maybe a plugin?
>
> Any ideas/links?
>
> Thank you!
> --
> Matthieu Nantern

--
Matthieu Nantern
SRE, Margo Bank
+33683148506