How to log "TLS name" instead of username
Mrinal K
sinha.mrinal at gmail.com
Wed Aug 10 12:11:36 CEST 2011
I tried the same config with 2.1.11 but got the same result.
My config:
eap.conf-
default_eap_type = tls
tls {
    certdir = ${confdir}/certs
    cadir = ${confdir}/certs
    private_key_password = whatever
    private_key_file = ${certdir}/server.pem
    CA_file = ${cadir}/ca.pem
    dh_file = ${certdir}/dh
    random_file = ${certdir}/random
    CA_path = ${cadir}
    check_cert_cn = %{User-Name}
}
user-
DEFAULT Auth-Type := EAP
sites-enabled/default-
post-auth {
    update reply {
        Reply-Message += "%{TLS-Cert-Serial}"
        Reply-Message += "%{TLS-Cert-Expiration}"
        Reply-Message += "%{TLS-Cert-Subject}"
        Reply-Message += "%{TLS-Cert-Issuer}"
        Reply-Message += "%{TLS-Cert-Common-Name}"
        Reply-Message += "%{TLS-Client-Cert-Serial}"
        Reply-Message += "%{TLS-Client-Cert-Expiration}"
        Reply-Message += "%{TLS-Client-Cert-Subject}"
        Reply-Message += "%{TLS-Client-Cert-Issuer}"
        Reply-Message += "%{TLS-Client-Cert-Common-Name}"
    }
}
Any idea what is going wrong?
Regards,
-Mrinal
On Tue, Aug 9, 2011 at 3:12 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Mrinal K wrote:
> > Thank you for the reply. I have 2.1.10 which I believe does support it.
>
> Well, the examples in raddb/sites-available/default work. I don't
> know what you're doing differently.
>
> Alan DeKok.