[EAP/TLS] Authenfication through a certificate

vazoumana fofana zoumlander at hotmail.com
Fri Feb 8 17:49:32 CET 2013



here is the output : 



 Evaluating ("%{TLS-Client-Cert-Subject}" =~xxxxxxxx//) -> TRUE
++? if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxx\// ) -> TRUE
++- entering if ("%{TLS-Client-Cert-Subject}" =~ /\/O=xxxxxxxxxxxx\// ) {...}
+++? if ("%{TLS-Client-Cert-Subject}" =~ /\/OU=xxxxxxxxxxxx\// )
        expand: %{TLS-Client-Cert-Subject} -> /xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
? Evaluating ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxx\//) -> TRUE
+++? if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxx\// ) -> TRUE
+++- entering if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxx\// ) {...}
++++[noop] returns noop
+++- if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxxx\// ) returns noop
+++ ... skipping else for request 21: Preceding "if" was taken
++- if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxxxxxx\// ) returns noop
Login OK: [xxxxxxxxxxxxxxxxxx] (from client xxxxxxxxxxx


I understand that eap returns ok so user is authenticated.
It's not what i want to do. 
i want client certificate to be authenticated by :
- be in users files
- have the "right" certificate
From: A.L.M.Buxey at lboro.ac.uk
To: zoumlander at hotmail.com; freeradius-users at lists.freeradius.org
Subject: Re: [EAP/TLS] Authenfication through a certificate
Date: Fri, 8 Feb 2013 16:20:20 +0000






As already said, post output of radiusd -X

(that will clearly show the logic taken)



alan




 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130208/1da66771/attachment.html>


More information about the Freeradius-Users mailing list