5 Dec
2015
5 Dec
'15
2:32 p.m.
On Dec 5, 2015, at 1:40 PM, <gracian@centrum.cz> <gracian@centrum.cz> wrote: here is full (sorry for that) output of "radiusd -X" test during which an attempt was unsuccessfull again with tls cache disabled. As you can see below, there is not TLS-Client-Cert-Common-Name in the output so the check-eap-tls fails.
Upgrade to 3.0.10. And verify that the check *you added* for TLS-Client-Cert-Common-Name is correct. There is no way that simply disabling the "cache" entry causes authentication to fail. The default configuration does *not* have checks for TLS-Client-Cert-Common-Name. Alan DeKok.