Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
How do I set up a freeradius server so that if the password fails for
the primary radius server it tries the secondary for the password?
In 2.0.1, you should be able to do:
authenticate {
    ...
    Auth-Type pap {
        pap
        if (reject) {
            update control {
                Proxy-To-Realm := "realm"
            }
            ok
        }
    }
    ...
}
Should this kind of mechanism in 2.0.1 also be able to do something
similar for eap?
In case I have this debug output:
Wed Feb 6 14:14:40 2008 : Debug: rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal certificate_expired
Wed Feb 6 14:14:40 2008 : Error: TLS Alert write:fatal:certificate expired
Wed Feb 6 14:14:40 2008 : Error: TLS_accept:error in SSLv3 read client certificate B
Wed Feb 6 14:14:40 2008 : Error: rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Wed Feb 6 14:14:40 2008 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Wed Feb 6 14:14:40 2008 : Debug: eaptls_process returned 13
Wed Feb 6 14:14:40 2008 : Debug: rlm_eap: Freeing handler
Wed Feb 6 14:14:40 2008 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 9
Wed Feb 6 14:14:40 2008 : Debug: ++[eap] returns reject
I would like to send more information than simply "reject" to
radpostauth, something like: Certificate error
    Auth-Type eap {
        eap
        if (reject) {
            update control {
                Module-Failure-Message := "Certificate error"
            }
        }
        reject
    }
}
and in radiusd.conf:
Post-Auth = "INSERT INTO ${postauth_table} ....values (...
'%{control:Module-Failure-Message}',.. )
This does not work for me. Is it expected to do what I want and I have a
configuration error? Or is this not the right way to do this? If it
should work: What's the fault here?
Thanks
Norbert Wegener
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
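An added example, not part of the original post and not FreeRADIUS code: a Python parser over debug output in the format quoted above that pairs each "++[eap] returns reject" with the TLS alert logged before it, so the specific failure (here certificate_expired) can be reported instead of a bare reject. The function name and the lines for request 10 are constructed, and it assumes the lines of one request are not interleaved with another's.

```python
import re

# Lines for request 9 follow the post (wrapped lines rejoined, "^M" kept on
# two lines to show it is tolerated); the lines for request 10 are constructed.
SAMPLE_LOG = """\
Wed Feb 6 14:14:40 2008 : Debug: rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal certificate_expired ^M
Wed Feb 6 14:14:40 2008 : Error: TLS Alert write:fatal:certificate expired
Wed Feb 6 14:14:40 2008 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 9
Wed Feb 6 14:14:40 2008 : Debug: ++[eap] returns reject^M
Wed Feb 6 14:15:02 2008 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 10
Wed Feb 6 14:15:02 2008 : Debug: ++[eap] returns reject
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) : (?P<level>\w+): (?P<msg>.*)$")
ALERT = re.compile(r"TLS [\d.]+ Alert \[length \w+\], (?P<sev>\w+) (?P<desc>\w+)")
REQUEST = re.compile(r"returned from eap \(rlm_eap\) for request (?P<id>\d+)")
RESULT = re.compile(r"\+\+\[eap\] returns (?P<rcode>\w+)")
CR_DEBRIS = re.compile(r"\s*(?:\^M)?\s*$")  # literal "^M" left by a carriage return


def eap_reject_reasons(log_text):
    """Return one record per rejected EAP request with the TLS alert seen."""
    records, alert, request_id = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(CR_DEBRIS.sub("", raw))
        if not m:
            continue  # not a timestamped radiusd line
        msg = m["msg"]
        if a := ALERT.search(msg):
            alert = f"{a['sev']} {a['desc']}"
        elif r := REQUEST.search(msg):
            request_id = int(r["id"])
        elif res := RESULT.search(msg):
            if res["rcode"] == "reject":
                records.append({"request": request_id, "time": m["ts"],
                                "reason": alert or "no TLS alert logged"})
            alert, request_id = None, None  # next line starts a new request
    return records


if __name__ == "__main__":
    for rec in eap_reject_reasons(SAMPLE_LOG):
        print(rec)
```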