<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
If fear not...<br>
<br>
 eap {<br>
                                         invalid = 1<br>
                                                 }<br>
                        if (invalid) {<br>
                         update reply {<br>
                        Tmp-String-5="INVALID Certificate"<br>
                                }<br>
...<br>
 TLS_accept:error in SSLv3 read client certificate B <br>
rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned<br>
SSL: SSL_read failed in a system call (-1), TLS session fails.<br>
TLS receive handshake failed during operation<br>
[tls] eaptls_process returned 4 <br>
[eap] Handler failed in EAP/tls<br>
[eap] Failed in EAP select<br>
++[eap] returns invalid<br>
Failed to authenticate the user.<br>
} # server cisco<br>
Using Post-Auth-Type Reject<br>
+- entering group REJECT {...}<br>
<br>
...<br>
<br>
Alan DeKok schrieb:
<blockquote cite="mid:48CA2897.2010103@deployingradius.com" type="cite">
  <pre wrap="">Norbert Wegener wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">It seems, "if (invalid) " is not entered and I don't see why.
    </pre>
  </blockquote>
  <pre wrap=""><!---->
  The default behavior for "invalid" is to stop processing the request.
 This can be changed by:

        eap {
                invalid = 1
        }
        if ( invalid ) {
                ...

  I'm not sure the default behavior is really documented anywhere,
unfortunately.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
  </pre>
</blockquote>
<br>
</body>
</html>