[strongSwan] radius and certificate CN user authentication

Miroslav Kubiczek miroslav.kubiczek at adaptivemobile.com
Tue Sep 9 16:43:58 CEST 2014


Hi,

Can anybody help me to configure radius accounting? I’d like to use radius to authenticate users defined in certificate CN=XXX value. 

I had the following working config which nevertheless prompts for username and password on the device (iPhone):

conn ios
      keyexchange=ikev1
      authby=xauthrsasig
      xauth=server
      leftcert=server_cert.pem
      left=10.30.10.213
      leftsubnet=0.0.0.0/0
      right=%any
      rightsourceip=10.30.11.120/29
      rightdns=208.67.220.220
      auto=add
      type=tunnel
      rekey=no

What can I do to use the CN value from certificate for radius account instead being prompted for the username and pwd?

I have triad many combinations suggested on the eap-radius web page but it always failed like this:

14[CFG] looking for XAuthInitRSA peer configs matching 10.30.10.213...10.30.10.121[00=AdaptiveMobile, CN=iphone-miro"]
14[IKE] no peer config found


Thanks,
Miro




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140909/fb0e8fa7/attachment.pgp>
-------------- next part --------------
*****************************************This email and any files transmitted with are confidential and intended solely for the use of the individual or entity to whom they are addressed.  If you have received this email in error then please delete it and notify the sender. Do not make a copy or forward it to anyone.  This footnote also confirms that this email message has been swept for the presence of computer viruses. Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK). Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140909/fb0e8fa7/attachment.html>


More information about the Users mailing list