Logging problem
Norbert Wegener
norbert.wegener at siemens.com
Fri Sep 12 10:41:53 CEST 2008
If fear not...
eap {
invalid = 1
}
if (invalid) {
update reply {
Tmp-String-5="INVALID Certificate"
}
...
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server cisco
Using Post-Auth-Type Reject
+- entering group REJECT {...}
...
Alan DeKok schrieb:
> Norbert Wegener wrote:
>
>> It seems, "if (invalid) " is not entered and I don't see why.
>>
>
> The default behavior for "invalid" is to stop processing the request.
> This can be changed by:
>
> eap {
> invalid = 1
> }
> if ( invalid ) {
> ...
>
> I'm not sure the default behavior is really documented anywhere,
> unfortunately.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080912/0d20a3a9/attachment.html>
More information about the Freeradius-Users
mailing list