Re: [EAP/TLS] Authenfication through a certificate
As already said, post output of radiusd -X (that will clearly show the logic taken) alan
here is the output : Evaluating ("%{TLS-Client-Cert-Subject}" =~xxxxxxxx//) -> TRUE ++? if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxx\// ) -> TRUE ++- entering if ("%{TLS-Client-Cert-Subject}" =~ /\/O=xxxxxxxxxxxx\// ) {...} +++? if ("%{TLS-Client-Cert-Subject}" =~ /\/OU=xxxxxxxxxxxx\// ) expand: %{TLS-Client-Cert-Subject} -> /xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ? Evaluating ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxx\//) -> TRUE +++? if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxx\// ) -> TRUE +++- entering if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxx\// ) {...} ++++[noop] returns noop +++- if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxxx\// ) returns noop +++ ... skipping else for request 21: Preceding "if" was taken ++- if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxxxxxx\// ) returns noop Login OK: [xxxxxxxxxxxxxxxxxx] (from client xxxxxxxxxxx I understand that eap returns ok so user is authenticated. It's not what i want to do. i want client certificate to be authenticated by : - be in users files - have the "right" certificate From: A.L.M.Buxey@lboro.ac.uk To: zoumlander@hotmail.com; freeradius-users@lists.freeradius.org Subject: Re: [EAP/TLS] Authenfication through a certificate Date: Fri, 8 Feb 2013 16:20:20 +0000 As already said, post output of radiusd -X (that will clearly show the logic taken) alan
participants (2)
-
Alan Buxey -
vazoumana fofana