Hi I am getting the following message in log first it satatrts (radiud -X) [root@localhost radius]# cat radius.log Wed May 30 11:24:14 2007 : Info: Using deprecated naslist file. Support for this will go away soon. Wed May 30 11:24:14 2007 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Wed May 30 11:24:14 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain Wed May 30 11:24:14 2007 : Info: Ready to process requests. But if again start the server no logs and nothing other than this is coming in the log. regarding users file in navisradius i uesd to do that in EAP_TLS thats why i asked. Regards Anoop --
Message: 5 Date: Tue, 29 May 2007 09:42:52 +0100 From: <tnt@kalik.co.yu> Subject: Re: log file for free radius 1.1.6 eap-tls authentication To: \"FreeRadius users mailing list\" <freeradius-users@lists.freeradius.org> Message-ID: <g9b0RimS.1180428172.8965940.tnt@kalik.co.yu> Content-Type: text/plain; charset=ISO-8859-2
1. That\'s not how certificates work. You add those that you want to PREVENT from connecting (for whatever reason) to Certificate Revocation List (CRL). You suposedly do have control over who are certificates issued to. If you have no control over CA then you shouldn\'t be using them.
2. Is anything (reading config files etc.) written to the log when you restart the server?
Ivan Kalik Kalik Informatika ISP
Dana 29/5/2007, \"anoop_c@sifycorp.com\" <anoop_c@sifycorp.com> pi?e:
Hi 1 I know its eap-tls and certificate based. Earlier i was using Navis radius .In that for eap-tls we have to add certificate name to a specific user file. Like that here also user file is there can i make use of the user file so that only that user get authenticated,
2 Logs are not happening.In config changes required to get the same? Regards Anoop
Message: 2 Date: Mon, 28 May 2007 15:07:06 +0100 From: <tnt@kalik.co.yu> Subject: Re: log file for free radius 1.1.6 eap-tls authentication To: \"FreeRadius users mailing list\" <freeradius-users@lists.freeradius.org> Message-ID: <a8emGRAP.1180361226.4861000.tnt@kalik.co.yu> Content-Type: text/plain; charset=ISO-8859-2
This is EAP-TLS. This user has a valid user certificate and is accepted. If you don\'t want to go via certificates but use user/password, use EAP-TTLS with MS-CHAPv2 (or PAP or any other auth protocol).
Ivan Kalik Kalik Informatika ISP