Hi,

Alan DeKok wrote:
> Sven 'Darkman' Michels wrote:
>>> here we can CLEARLY see that EAP is done before LDAP
>> exactly, yeah, but the log says the other way around. I get a ldap
>> request, which succeeds and after that a tls NACK (due to no cert).
>> I would expect it's the other way around, shouldn't it?
>
> Post the debug log. It lists which modules are being executed, and in
> what order.

Will do so later. Busy day today, sorry :(

> EAP uses *many* round trips. So you may be looking at the output from
> two different packets, and concluding that the processing is in a
> *different* order than in the config files.
>
> Read the debug log. It's *all* there.

Ok, I'll double-check that. But just a note: if I use the wrong cert and see a NACK message in the log - then my ttls failed and I shouldn't see a ldap query at all...? Or do I misunderstand something here?

I just want to make sure that my client is "my" client, and not a stranger. That's why I want the eap stuff (to force all "signed" by the client's cert, and avoid password attacks and stuff like that).

Thanks for your (quick) help so far.

Many regards,
Sven