-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Alan DeKok wrote:
Sven 'Darkman' Michels wrote:
here we can CLEARLY see that EAP is done before LDAP exactly, yeah, but the log says the other way around. I get a ldap request, which succeeds and after that a tls NACK (due to no cert). I would expect its the other way around, shouldn't it?
Post the debug log. It lists which modules are being executed, and in what order.
Will do so later. Busy day today, sorry :(
EAP uses *many* round trips. So you may be looking at the output from two different packets, and concluding that the processing is in a *different* order than in the config files.
Read the debug log. It's *all* there.
Ok, i'll doublecheck that. But just a note: if i use the wrong cert and see a NACK message in the log - then my ttls failed and i shouldn't see a ldap query at all...? Or do i missunderstand something here? I just want to make sure that my client is "my" client, and not a stranger. Thats why i want the eap stuff (to force all "signed" by the clients cert, and avoid password attacks and stuff like that). Thanks for your (quick) help so far. Many regards, Sven -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH6m1aQoCguWUBzBwRAoPrAKCOmL1bNYMan8eZIfcCSansLFUlvwCfVbFA YjUDvyfJn8rN7P1JwA0RjMw= =IUrc -----END PGP SIGNATURE-----