here is the output :



 Evaluating ("%{TLS-Client-Cert-Subject}" =~xxxxxxxx//) -> TRUE
++? if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxx\// ) -> TRUE
++- entering if ("%{TLS-Client-Cert-Subject}" =~ /\/O=xxxxxxxxxxxx\// ) {...}
+++? if ("%{TLS-Client-Cert-Subject}" =~ /\/OU=xxxxxxxxxxxx\// )
        expand: %{TLS-Client-Cert-Subject} -> /xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
? Evaluating ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxx\//) -> TRUE
+++? if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxx\// ) -> TRUE
+++- entering if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxx\// ) {...}
++++[noop] returns noop
+++- if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxxx\// ) returns noop
+++ ... skipping else for request 21: Preceding "if" was taken
++- if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxxxxxx\// ) returns noop
Login OK: [xxxxxxxxxxxxxxxxxx] (from client xxxxxxxxxxx


I understand that eap returns ok so user is authenticated.
It's not what i want to do.
i want client certificate to be authenticated by :
- be in users files
- have the "right" certificate

From: A.L.M.Buxey@lboro.ac.uk
To: zoumlander@hotmail.com; freeradius-users@lists.freeradius.org
Subject: Re: [EAP/TLS] Authenfication through a certificate
Date: Fri, 8 Feb 2013 16:20:20 +0000

As already said, post output of radiusd -X
(that will clearly show the logic taken)

alan