Hi again Flo, remember last TNC in Catania? :-)
> I am using freeradius successfully, but I still have some questions. > > Fistly, how can I disable to verify client certificates? > Mon Sep 5 12:17:12 2005 : Error: TLS_accept:error in SSLv3 read > client certificate A This is an "error" reported from openssl. Other than looking ugly, it doesn't do any harm. And since it's not caused by FreeRADIUS, you can't stop it from appearing. It's a case of "never mind". BTW, this question comes up quite frequently on the list; digging in the archives would have done the trick. > Secondly, how comes I always see a successfull authentication twice, > when using eap: > Mon Sep 5 12:17:16 2005 : Auth: Login OK: [unrzwlan5] (from client > localhost port 0) > Mon Sep 5 12:17:16 2005 : Auth: Login OK: [unrzwlan5] (from client > airbrush port 0 cli 00-11-09-0B-01-4D) That's due to the way EAP sessions are handled in FreeRADIUS: there is the RADIUS packet coming from the client, and within it is the content of the TLS tunnel; this inner content is treated as a new packet coming from localhost So, first the TLS tunnel content gets validated, which results in success (the first line above), then this inner packet gets "proxied" back to the outer packet, which sees a Login OK from the inner, which satisfies itself and reports its own success again. Again a case of "never mind". Greetings, Stefan -- Stefan WINTER Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche - Ingénieur de recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
