Hi Alex,
if you read mods-enabled/eap you'll go to the tls {} section and see the bit that says
# # As part of checking a client certificate, the EAP-TLS # sets some attributes such as TLS-Client-Cert-CN. This # virtual server has access to these attributes, and can # be used to accept or reject the request. # # virtual_server = check-eap-tls
*blushes* I don't know how I missed that! Thank you! Back to testing. Matthew On Thu, Sep 15, 2016 at 1:31 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
I've placed a symlink in /etc/raddb/sites-enabled to /etc/raddb/sites-available for the check-eap-tls virtual server.
aye...but the server needs to know to send the packet to it....so you need to configure the eap module appropriately,.
if you read mods-enabled/eap you'll go to the tls {} section and see the bit that says
# # As part of checking a client certificate, the EAP-TLS # sets some attributes such as TLS-Client-Cert-CN. This # virtual server has access to these attributes, and can # be used to accept or reject the request. # # virtual_server = check-eap-tls
eap { <snip>
# Linked to sub-module rlm_eap_tls tls { tls = "tls-common" }
<snip>
uncomment.
enjoy
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html