Troubleshooting EAP-TLS with External Certificates
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Sep 15 22:31:59 CEST 2016
Hi,
> I've placed a symlink in /etc/raddb/sites-enabled to
> /etc/raddb/sites-available for the check-eap-tls virtual server.
aye...but the server needs to know to send the packet to it....so you need to configure
the eap module appropriately,.
if you read mods-enabled/eap you'll go to the tls {} section and see the bit that says
#
# As part of checking a client certificate, the EAP-TLS
# sets some attributes such as TLS-Client-Cert-CN. This
# virtual server has access to these attributes, and can
# be used to accept or reject the request.
#
# virtual_server = check-eap-tls
> eap {
<snip>
> # Linked to sub-module rlm_eap_tls
> tls {
> tls = "tls-common"
> }
<snip>
uncomment.
enjoy
alan
More information about the Freeradius-Users
mailing list