[strongSwan] radius and certificate CN user authentication

Dirk Hartmann dha at heise.de
Wed Sep 10 12:21:05 CEST 2014

--On Wednesday, September 10, 2014 12:09:52 PM +0200 Miroslav Kubiczek 
<miroslav.kubiczek at adaptivemobile.com> wrote:

>> --On Wednesday, September 10, 2014 11:31:07 AM +0200 Martin Willi
>> <martin at strongswan.org> wrote:
>>>> I had the following working config which nevertheless prompts for
>>>> username and password on the device (iPhone):
>>> The whole point of XAuth authentication is to verify a
>>> username/password combination. You may disable XAuth if you don't
>>> want that. Not sure if that can be configured in the iPhone UI,
>>> though.
>> AFAIK this isn't possible. But you could use
>> rightauth2=xauth-noauth
>> for this connection so any combination of username/password would be
>> accepted.
> Thanks for all suggestions! I tried xauth-noauth and got this error:
> 15[CFG] no XAuth method found for 'noauth'
> So I assume I have to rebuild with: --enable-xauth-noauth configure
> option?

yes. And you have to use a version of strongswan newer than 5.0.2 
because the option was introduced in 5.0.3.

More information about the Users mailing list