Here is the output:
Evaluating ("%{TLS-Client-Cert-Subject}" =~xxxxxxxx//) -> TRUE
++? if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxx\// ) -> TRUE
++- entering if ("%{TLS-Client-Cert-Subject}" =~ /\/O=xxxxxxxxxxxx\// ) {...}
+++? if ("%{TLS-Client-Cert-Subject}" =~ /\/OU=xxxxxxxxxxxx\// )
expand: %{TLS-Client-Cert-Subject} -> /xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
? Evaluating ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxx\//) -> TRUE
+++? if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxx\// ) -> TRUE
+++- entering if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxx\// ) {...}
++++[noop] returns noop
+++- if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxxx\// ) returns noop
+++ ... skipping else for request 21: Preceding "if" was taken
++- if ("%{TLS-Client-Cert-Subject}" =~ /\/xxxxxxxxxxxxxxxxxxxxxx\// ) returns noop
Login OK: [xxxxxxxxxxxxxxxxxx] (from client xxxxxxxxxxx
I understand that EAP returns ok, so the user is authenticated.
It's not what I want to do.
I want the client certificate to be authenticated by:
- being in the users files
- having the "right" certificate
From: [email protected]
To: [email protected]; [email protected]
Subject: Re: [EAP/TLS] Authenfication through a certificate
Date: Fri, 8 Feb 2013 16:20:20 +0000
As already said, post output of radiusd -X
(that will clearly show the logic taken)
alan