Additional EAP-TLS Logging Option

Alan DeKok aland at deployingradius.com
Tue Sep 7 17:57:23 CEST 2010


Ross, Michael wrote:
> Thanks.  I've got it working now where it logs things correctly for successful authentications, but I'm not having any luck getting the logging to work when the authentication fails.  The code that generates the attributes is being executed, but when it logs them they all show up as empty.  Here is my post-auth configuration:

  Hmm.. OK.  That would require some more in-depth debugging.

> Here's an example log from a request where the common name check within cbtls_verify failed:

  The issue is that there is no difference that I can see between the
accept && reject cases in the code.

> Note:  This is all with the patch submitted in the separate email.

  With the access to un-initialized memory:

> [tls] --> BUF-Name = ?
> [tls] --> subject =  ùeÊ_
> [tls] --> issuer  = `W?ßÿ

  My patch doesn't have that issue. :)

> Any suggestions or ideas?

  More detailed debugging to see what's going on...

  Alan DeKok.



More information about the Freeradius-Devel mailing list