Troubleshooting EAP-TLS with External Certificates

A.L.M.Buxey at A.L.M.Buxey at
Thu Sep 15 22:31:59 CEST 2016


> I've placed a symlink in /etc/raddb/sites-enabled to
> /etc/raddb/sites-available for the check-eap-tls virtual server.

aye...but the server needs to know to send the packet to it; you need to configure
the eap module appropriately.

if you read mods-enabled/eap you'll go to the tls {} section and see the bit that says:

		# As part of checking a client certificate, the EAP-TLS
		# sets some attributes such as TLS-Client-Cert-CN. This
		# virtual server has access to these attributes, and can
		# be used to accept or reject the request.
	#	virtual_server = check-eap-tls

>   eap {

>    # Linked to sub-module rlm_eap_tls
>    tls {
>     tls = "tls-common"
>    }
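
Added example (not from the thread and not FreeRADIUS project code): a small check that reports whether virtual_server is actually active in the eap { tls { } } section and names a server declared in sites-enabled. The function names and the sample configuration text are constructed for illustration, and the parser assumes one section opener or setting per line rather than the full FreeRADIUS configuration grammar.

```python
import re

# Constructed sample, modelled on the tls {} section quoted in the message.
SAMPLE_EAP = """
eap {
    default_eap_type = tls
    tls-config tls-common {
        private_key_file = ${certdir}/server.pem
    }
    tls {
        tls = tls-common
        # virtual_server = check-eap-tls
    }
}
"""
# Same text with the line uncommented, as the reply suggests.
FIXED_EAP = SAMPLE_EAP.replace("# virtual_server", "virtual_server")
# Constructed stand-in for the symlinked sites-enabled/check-eap-tls file.
SAMPLE_SITE = "server check-eap-tls {\n    authorize {\n        ok\n    }\n}\n"

def active_settings(text, path):
    """Uncommented 'key = value' pairs directly inside the nested section `path`."""
    stack, found = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # a commented-out setting vanishes here
        if line.endswith("{"):
            stack.append(line.split()[0])    # 'tls-config tls-common {' -> 'tls-config'
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line and stack == list(path):
            key, value = (part.strip() for part in line.split("=", 1))
            found[key] = value.strip('"')
    return found

def server_names(site_text):
    """Names declared as 'server NAME {' in a sites-enabled file."""
    return set(re.findall(r"^\s*server\s+([\w.-]+)\s*\{", site_text, re.M))

def check_hook(eap_text, enabled):
    """Return (ok, reason) for the EAP-TLS virtual_server hook."""
    name = active_settings(eap_text, ("eap", "tls")).get("virtual_server")
    if name is None:
        return False, "virtual_server not set in eap { tls { } }; the site is not consulted"
    if name not in enabled:
        return False, f"virtual_server = {name}, but no such server in sites-enabled"
    return True, f"EAP-TLS requests are passed to virtual server {name}"

if __name__ == "__main__":
    for label, text in (("as shipped", SAMPLE_EAP), ("uncommented", FIXED_EAP)):
        print(label, "->", check_hook(text, server_names(SAMPLE_SITE)))
```
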





