On Nov 3, 2016, at 6:43 AM, Davide Belloni <davide.belloni@gmail.com> wrote:
here's the log in question:Nov 2 16:53:15 radiusd[12046]: Received Access-Request packet from host 172.25.1.6 port 1645, id=108, length=216
PLEASE use "radiusd -X". Not "radiusd -Xxxxxx". The extra information just makes it hard to read.
I can't see the client certificate, do you think that I'm executing not an EAP-TLS auth?
It's not doing EAP-TLS, because the request is being rejected. Why? Something in your local configuration is rejecting it. Maybe like 55 of the "users" file.
And why, if the last ulang check is TRUE, the request isn't proxied?
Because the unlang checks don't proxy when they return true. And, because something else is making the server reject the packet.
User-Name, that I think is retrieved from certificate's CN by Windows. Is it not correct?
That should be correct. But Windows sometimes does crazy things.
I'm trying this setup because with "realms" configuration I can't filter the SSID
There are many, many, ways to reach the same goal. Some are simpler than others. Alan DeKok.