[strongSwan] *** Spam *** Re: allow multiple EAP identities but not %any
Christoph Harder
charder at telco-tech.de
Wed Oct 30 15:57:02 CET 2019
Hello Noel,
thank you.
So each identity gets its own config and inherits all settings from the
base config except
connections.<conn>.remote<suffix>.eap_id
is set to one of the EAP identities
and
connections.<conn>.remote<suffix>.groups
is overwritten with ""?
Best regards,
Christoph Harder
TELCO TECH GmbH
Berlin branch
Mädewalder Weg 2
12621 Berlin
Tel.: +49 30 565862610
Web: www.telco-tech.de
Amtsgericht Potsdam-Stadt HRB 55 79
Management:
Bernd Schulz
Silke Schirmer
On 30.10.19 at 15:24, Noel Kuntze wrote:
> Hello list,
>
> Yes, you can do that.
> Create a base config that has eap_identity=%any but rightgroups=thisdoesnotexist.
> Then create specific configs for your other eap_identities that do not have rightgroups set.
> Make sure the base config is earlier in the config file than the others.
>
> Kind regards
>
> Noel
>
> On 30.10.19 at 15:07, Michael Schwartzkopff wrote:
>> On 30.10.19 14:53, Christoph Harder wrote:
>>> Hello everybody,
>>>
>>> is it possible to define multiple EAP identities per connection,
>>> without using %any ?
>>>
>>> For example in the swanctl.conf I define two connections and in the
>>> secrets section I define multiple EAP secrets/identities.
>>> Is there any way to specify connections.<conn>.remote<suffix>.eap_id
>>> so that only certain (but more than one) identities will be accepted?
>>> Or is there only the option to allow either all known identities or
>>> only a single one when using the swanctl.conf (and EAP identities
>>> stored in the secrets section)?
>>>
>>> Best regards,
>>> Christoph Harder
>>>
>>
>> Hi,
>>
>>
>> I do not know if strongswan is flexible enough for your purpose. But if
>> you have a RADIUS server as backend authentication, you could
>> accomplish your task in RADIUS.
>>
>>
>> Kind regards,
>>
>
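
Added example, not part of the thread and not strongSwan project code: a swanctl.conf sketch of the layout Noel's reply describes, written with the `eap_id` and `groups` keys named in the messages above. The connection names, the identities `alice` and `bob`, the `eap-mschapv2` method, the certificate file name and the secrets are constructed placeholders; `children` sections and address settings are assumed to exist elsewhere.

```conf
connections {
    # Base config, placed first as the reply advises: matches any EAP
    # identity but demands a group that no client is a member of.
    rw-base {
        local {
            auth = pubkey
            certs = gateway.pem          # placeholder file name
        }
        remote {
            auth = eap-mschapv2          # assumed EAP method
            eap_id = %any
            groups = thisdoesnotexist
        }
    }
    # One config per accepted identity, with no groups constraint.
    rw-alice {
        local {
            auth = pubkey
            certs = gateway.pem
        }
        remote {
            auth = eap-mschapv2
            eap_id = alice
        }
    }
    rw-bob {
        local {
            auth = pubkey
            certs = gateway.pem
        }
        remote {
            auth = eap-mschapv2
            eap_id = bob
        }
    }
}
secrets {
    eap-alice {
        id = alice
        secret = "REPLACE-ME-alice"      # constructed placeholder
    }
    eap-bob {
        id = bob
        secret = "REPLACE-ME-bob"        # constructed placeholder
    }
}
```

Any other identity defined in `secrets` would then only match `rw-base`, where the group requirement is meant to reject it.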