<div dir="ltr">Is it possible to have multiple email addresses in the “rightid” parameter? Maybe I can list all authorized users for each server instead of relying on Distinguished Names?<br></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Oct 3, 2018 at 08:42, Matthieu Nantern &lt;<a href="mailto:matthieu.nantern@margo.com">matthieu.nantern@margo.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Hi!</div><div><br></div><div>I installed strongSwan to allow my users (mainly Mac OS X clients) to use the native IKEv2 authentication. Everything is working fine.</div><div><br></div><div>Now I would like to implement something like this: <a href="https://www.strongswan.org/testing/testresults/ikev2/wildcards/index.html" target="_blank">https://www.strongswan.org/testing/testresults/ikev2/wildcards/index.html</a>; allowing some clients to access some networks and not others.</div><div><br></div><div>Unfortunately I didn't see (or understand) the issue on that page (<a href="https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile</a>):</div><div><br></div><div><ul><li>ASN.1 Distinguished Names can't be used as identities because the client currently sends them as identities of type FQDN.</li></ul></div><div><br></div><div>As a result, when I put rightid in my configuration it's not working because Mac OS X is only sending an FQDN (an email address in my case) and not the Distinguished Name.<br></div><div><br></div><div>My question is how can I allow (or deny) some network to some user? <br></div><div><br></div><div>I have a file that associates email addresses with a "role" but I don't know how to use it.
Maybe a plugin?</div><div><br></div><div>Any ideas/links?</div><div><br></div><div>Thank you!<br></div><div>-- <br><div dir="ltr" class="m_8088422313965390403gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre>Matthieu Nantern</pre></div></div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><pre>Matthieu Nantern
SRE, Margo Bank
+33683148506</pre></div></div></div></div>