Re: Freeradius EAP-TLS - every 2nd (even) attempt unsuccessfull
gracian at centrum.cz
Sat Dec 5 20:45:42 CET 2015
Alan,
I have CentOS 7.1 so the upgrade of the radius package is quite complicated, but I'll try.
Could you guide me please: against what attribute should I check the client certificate for eap-tls mode?
Thank you very much, Alan, for your time and effort.
Gracian
______________________________________________________________
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Date: 05.12.2015 20:33
> Subject: Re: Freeradius EAP-TLS - every 2nd (even) attempt unsuccessfull
>
> On Dec 5, 2015, at 1:40 PM, <gracian at centrum.cz> <gracian at centrum.cz> wrote:
> > here is full (sorry for that) output of "radiusd -X" test during which an attempt was unsuccessful again with tls cache disabled. As you can see below, there is no TLS-Client-Cert-Common-Name in the output so the check-eap-tls fails.
>
> Upgrade to 3.0.10.
>
> And verify that the check *you added* for TLS-Client-Cert-Common-Name is correct.
>
> There is no way that simply disabling the "cache" entry causes authentication to fail. The default configuration does *not* have checks for TLS-Client-Cert-Common-Name.
>
> Alan DeKok.
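For reference, a sketch of what a check on TLS-Client-Cert-Common-Name in the check-eap-tls virtual server can look like in FreeRADIUS 3.0.x unlang. This is an added example, not the poster's configuration and not taken from the thread; it assumes the policy is "the EAP identity in User-Name must equal the certificate CN", and the Reply-Message strings are made up for illustration.

```unlang
# Added example (assumed policy: User-Name must equal the certificate CN).
# Goes in the check-eap-tls virtual server, which the eap module calls
# when its tls "virtual_server" option points at it.
server check-eap-tls {
authorize {
	# Fail closed: if the certificate CN attribute is absent from this
	# request, reject explicitly so the debug output shows the reason,
	# instead of comparing User-Name against a missing value.
	if (!&TLS-Client-Cert-Common-Name) {
		update config {
			&Auth-Type := Reject
		}
		update reply {
			&Reply-Message := "No client certificate CN in request"
		}
	}
	# Identity claimed in EAP matches the CN of the validated certificate.
	elsif (&User-Name == &TLS-Client-Cert-Common-Name) {
		update config {
			&Auth-Type := Accept
		}
	}
	# Certificate is valid but was issued to a different identity.
	else {
		update config {
			&Auth-Type := Reject
		}
		update reply {
			&Reply-Message := "Certificate CN does not match identity"
		}
	}
}
}
```

Running `radiusd -X` with this in place shows which of the three branches each request takes, which separates "attribute missing" from "attribute present but not matching".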