On Jan 23, 2019, at 11:30 AM, Martin Pauly <pauly@hrz.uni-marburg.de> wrote:
Am 23.01.19 um 16:27 schrieb Alan DeKok:
The server should log what the client sends. The debug log you posted doesn't include that. So maybe the client*is* sending "pauly1" for the outer ID.
No, it sends "eduroam@staff.uni-marburg.de". (At least I tell the client to so, and it successfully triggers my cert processing fork.)
Here are the full debug logs (sorry not the same devices, but the effect is consistent across several client platforms).
Hmm.. when I try it with the v3.0.x head, I get: (6) Login OK: [bob] (from client localhost port 0 via TLS tunnel) (6) Login OK: [anonymous] (from client localhost port 0 cli 02-00-00-00-00-01) Maybe try that? I don't recall specifically if anything changed in the source, but it might have. Alan DeKok.