Logging config to get certificate details

Alan DeKok aland at deployingradius.com
Mon Mar 25 09:55:35 CET 2019


On Mar 25, 2019, at 4:53 AM, Jim Potter <j.potter at bathspa.ac.uk> wrote:
> 
> We have a PEAP eduroam setup here, and I have a suspicion that not all our
> users are using/validating the server certificate - I know we can set the
> clients up to not use certificates and they can still connect fine. (I'm
> not completely clear on the PEAP process and whether the clients are still
> using the server cert but aren't validating it, or whether no cert is used
> at all in this case).

  You can't tell what the client is doing.

  The server sends the certs to the client, and the client either validates them, or ignores them.  It doesn't tell the server what it's doing.

> So what I'd like to find out is if I can set the server logging up to find
> out about the certificates used by each client - whether a cert is being
> requested, and if so, whether the certificate is being validated by the
> clients. I know this is primarily a client issue, but I'm looking for signs
> of this from the server so I can see how widespread this is. I've tried
> auth_goodpass/auth_badpass (no luck), I'm not sure where next to look on
> this - does anyone have any advice?

  This information is available only on the client.  The client doesn't tell anyone else what it's doing.

  Alan DeKok.



