Proxy EAP-TLS
Alan DeKok
aland at deployingradius.com
Fri Nov 4 01:08:22 CET 2016
On Nov 3, 2016, at 6:43 AM, Davide Belloni <davide.belloni at gmail.com> wrote:
>
> here's the log in question:Nov 2 16:53:15 radiusd[12046]: Received
> Access-Request packet from host 172.25.1.6 port 1645, id=108, length=216
PLEASE use "radiusd -X". Not "radiusd -Xxxxxx". The extra information just makes it hard to read.
> I can't see the client certificate, do you think that I'm executing not an
> EAP-TLS auth?
It's not doing EAP-TLS, because the request is being rejected.
Why? Something in your local configuration is rejecting it. Maybe like 55 of the "users" file.
> And why, if the last ulang check is TRUE, the request isn't proxied?
Because the unlang checks don't proxy when they return true. And, because something else is making the server reject the packet.
> User-Name, that I think is retrieved from certificate's CN by Windows. Is
> it not correct?
That should be correct. But Windows sometimes does crazy things.
> I'm trying this setup because with "realms" configuration I can't filter
> the SSID
There are many, many, ways to reach the same goal. Some are simpler than others.
Alan DeKok.
More information about the Freeradius-Users
mailing list