Troubleshooting EAP-TLS with External Certificates
Matthew West
matthew.t.west at gmail.com
Thu Sep 15 22:50:23 CEST 2016
Hi Alex,
> if you read mods-enabled/eap you'll go to the tls {} section and see the bit that says
>
> #
> # As part of checking a client certificate, the EAP-TLS
> # sets some attributes such as TLS-Client-Cert-CN. This
> # virtual server has access to these attributes, and can
> # be used to accept or reject the request.
> #
> # virtual_server = check-eap-tls
*blushes* I don't know how I missed that!
Thank you! Back to testing.
Matthew
On Thu, Sep 15, 2016 at 1:31 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> I've placed a symlink in /etc/raddb/sites-enabled to
>> /etc/raddb/sites-available for the check-eap-tls virtual server.
>
> aye...but the server needs to know to send the packet to it....so you need to configure
> the eap module appropriately.
>
> if you read mods-enabled/eap you'll go to the tls {} section and see the bit that says
>
> #
> # As part of checking a client certificate, the EAP-TLS
> # sets some attributes such as TLS-Client-Cert-CN. This
> # virtual server has access to these attributes, and can
> # be used to accept or reject the request.
> #
> # virtual_server = check-eap-tls
>
>> eap {
> <snip>
>
>> # Linked to sub-module rlm_eap_tls
>> tls {
>> tls = "tls-common"
>> }
>
> <snip>
>
>
>
> uncomment.
>
> enjoy
>
>
> alan
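The misconfiguration discussed in this thread (site symlinked into sites-enabled, but `virtual_server` still commented out in the `tls {}` section of the eap module) can be checked mechanically. The following is an added example, not part of the original messages or the FreeRADIUS project; the sample configuration is constructed from the fragments quoted above, the function names are hypothetical, and it assumes files in sites-enabled are named after the virtual server they define.

```python
import re

# Constructed sample modelled on the fragments quoted in this thread.
# The peap section is included because it carries its own virtual_server
# line, which a plain text search would mistake for the EAP-TLS setting.
BEFORE = '''
eap {
    tls-config tls-common {
        # <snip>
    }
    tls {
        tls = "tls-common"
        # virtual_server = check-eap-tls
    }
    peap {
        tls = "tls-common"
        virtual_server = "inner-tunnel"
    }
}
'''
AFTER = BEFORE.replace("# virtual_server", "virtual_server")

def tls_virtual_server(eap_conf):
    """Return the active virtual_server of eap { tls { } }, or None."""
    stack = []  # names of the sections currently open
    for raw in eap_conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if not line:
            continue
        opened = re.fullmatch(r"([\w-]+)(?:\s+[\w-]+)?\s*\{", line)
        if opened:
            stack.append(opened.group(1))
        elif line == "}":
            if stack:
                stack.pop()
        elif stack[-2:] == ["eap", "tls"]:
            m = re.fullmatch(r'virtual_server\s*=\s*"?([\w.-]+)"?', line)
            if m:
                return m.group(1)
    return None

def check(eap_conf, enabled_sites):
    """enabled_sites: names found in sites-enabled (assumed equal to server names)."""
    vs = tls_virtual_server(eap_conf)
    if vs is None:
        return "unset"        # site may be enabled, but EAP-TLS never calls it
    return "ok" if vs in enabled_sites else "not-enabled"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, check(conf, {"default", "inner-tunnel", "check-eap-tls"}))
```

On a live server the two inputs would be the text of mods-enabled/eap and the directory listing of sites-enabled.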