Thank you for reply. I changed check-eap-tls before ocsp as bellow raddb/mods-available/eap tls { tls = tls-common virtual_server = check-eap-tls ocsp { enable = yes override_cert_url = yes url = "http://x.x.x.x:2560/ocsp/" } } raddb/sites-enabled/check-eap-tls if ("%{TLS-Client-Cert-Common-Name}" =~ /^.*@domain\.com$/) { update config { &Auth-Type := Accept } } but in this case ocsp never execute if check-eap-tls success. any ideas? On 2016/04/22 17:03, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
Is it possible to execute check-eap-tls before checking ocsp? and Is it possible to skip ocsp checking if check-eap-tls fail?
have you changed the order in the config? the server works by config order......
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html