Logging EAP-TLS failures
Alan DeKok
aland at deployingradius.com
Thu Nov 1 21:11:52 CET 2018
On Nov 1, 2018, at 3:58 PM, Norman Elton <normelton at gmail.com> wrote:
>
> I'm using linelog to syslog RADIUS packets. I've found that if I call
> my linelog in my "authorize" section, immediately after referring to
> my EAP module, my linelog has access to all the certificate details.
> Issuer, expiration, etc.
Yes.
> I'd like to have similar details when the certificate is invalid. If
> the linelog is in the "authorize" section, right after my EAP module,
> its never reached, as the EAP failure causes the whole authorize
> section to fail immediately.
The information about bad certificates isn't available.
> Am I headed in the right direction? Is there a way to catch the
> certificate details in a linelog module after the certificate has been
> found invalid?
Not really.
Why are you looking for this?
Alan DeKok.
More information about the Freeradius-Users
mailing list