Freeradius EAP-TLS - every 2nd (even) attempt unsuccessfull
Alan DeKok
aland at deployingradius.com
Sat Dec 5 20:32:38 CET 2015
> On Dec 5, 2015, at 1:40 PM, <gracian at centrum.cz> <gracian at centrum.cz> wrote:
> here is full (sorry for that) output of "radiusd -X" test during which an attempt was unsuccessfull again with tls cache disabled. As you can see below, there is not TLS-Client-Cert-Common-Name in the output so the check-eap-tls fails.
Upgrade to 3.0.10.
And verify that the check *you added* for TLS-Client-Cert-Common-Name is correct.
There is no way that simply disabling the "cache" entry causes authentication to fail. The default configuration does *not* have checks for TLS-Client-Cert-Common-Name.
Alan DeKok.
More information about the Freeradius-Users
mailing list