Logging EAP-TLS failures

Alan DeKok aland at deployingradius.com
Thu Nov 1 21:11:52 CET 2018

On Nov 1, 2018, at 3:58 PM, Norman Elton <normelton at gmail.com> wrote:
> I'm using linelog to syslog RADIUS packets. I've found that if I call
> my linelog in my "authorize" section, immediately after referring to
> my EAP module, my linelog has access to all the certificate details.
> Issuer, expiration, etc.


> I'd like to have similar details when the certificate is invalid. If
> the linelog is in the "authorize" section, right after my EAP module,
> its never reached, as the EAP failure causes the whole authorize
> section to fail immediately.

    The information about bad certificates isn't available.

> Am I headed in the right direction? Is there a way to catch the
> certificate details in a linelog module after the certificate has been
> found invalid?

  Not really.

  Why are you looking for this?

  Alan DeKok.

More information about the Freeradius-Users mailing list