v4: Can't see TLS certificate fields from `send Access-Accept` section anymore

Alan DeKok aland at deployingradius.com
Thu Feb 18 01:46:59 CET 2021


On Feb 17, 2021, at 3:10 PM, Nick Bogdanov <nickrbogdanov at gmail.com> wrote:
> Hmm, still no luck enabling check-eap-tls.  If I set `virtual_server =
> check-eap-tls` in mods-enabled/eap and then symlink
> sites-available/check-eap-tls to sites-enabled/, it aborts on startup:
> ..
> ...freeradius-server/pfx/etc/raddb/sites-enabled/check-eap-tls[31]:
> virtual server check-eap-tls MUST contain a 'namespace' option

  OK.  :(  I think that example needs to be updated.

> 
> If I add `namespace = check-eap-tls` at the top of the server {}

  No, you may need to add `namespace = tls` IIRC.  I'll have to double-check this.

  Some of the code is still in flux unfortunately.

> section, radiusd gets to the end of the handshake and then rejects the
> request here:
> ...
> (8.0)    eap.tls - ERROR: Failed to find pre-compiled unlang for
> section server check-eap-tls { ... }

  Yes, without a correct `namespace`, the rules aren't compiled.

  We're actually cleaning up this code and examples right now.  It might be a bit before we're done.

  Alan DeKok.




More information about the Freeradius-Users mailing list