Logging problem

Norbert Wegener norbert.wegener at siemens.com
Fri Sep 12 10:41:53 CEST 2008


If fear not...

 eap {
                                         invalid = 1
                                                 }
                        if (invalid) {
                         update reply {
                        Tmp-String-5="INVALID Certificate"
                                }
...
 TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server cisco
Using Post-Auth-Type Reject
+- entering group REJECT {...}

...

Alan DeKok schrieb:
> Norbert Wegener wrote:
>   
>> It seems, "if (invalid) " is not entered and I don't see why.
>>     
>
>   The default behavior for "invalid" is to stop processing the request.
>  This can be changed by:
>
>         eap {
>                 invalid = 1
>         }
>         if ( invalid ) {
>                 ...
>
>   I'm not sure the default behavior is really documented anywhere,
> unfortunately.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080912/0d20a3a9/attachment.html>


More information about the Freeradius-Users mailing list