Sorry, this is the first chance I have had to come back to this. No, we are not using that as the virtual server. I think ours was based on the default and is doing EAP-TLS too. Currently if the request comes from our wireless LAN controllers it puts it into our local eduroam virtual server, to which I added EAP-TLS. I'm struggling to find any documentation or examples on using the check_eap_tls module. It is a case of putting something in our local eduroam virtual server to punt TLS attempts off to this server? Where would you put that without breaking the EAP-PEAP authentication? David On 18/12/15 11:41, Matthew Newton wrote:
On Fri, Dec 18, 2015 at 11:12:52AM +0000, David Hartburn wrote:
We are using LDAP to check for group membership, so we need the lookup to do that authorization.
Are you using the check_eap_tls virtual server? It's designed to do just that for EAP-TLS.
It gets called once at certificate verification time.
Matthew