Appears that I have something working now. Here is what I have so far. Enjoy.
*** src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c.OEM 2008-04-30 14:46:28.000000000 -0400 --- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2008-05-06 14:03:58.000000000 -0400 *************** *** 794,799 **** --- 794,820 ---- /* * Success: Return MPPE keys. */ + X509 * client_cert; + client_cert = SSL_get_peer_certificate(tls_session->ssl); + + long serialNumber = ASN1_INTEGER_get(X509_get_serialNumber(client_cert)); + char serial_str[64]; + serial_str[0]='\0'; + sprintf(serial_str, "%ld", serialNumber); + + VALUE_PAIR *vp; + vp=pairmake("FreeRADIUS-Cert-Serial", serial_str, T_OP_SET); + if (!vp) { + DEBUG(" rlm_eap_tls: Failed to create attribute %s: %s\n", + "FreeRADIUS-Cert-Serial", librad_errstr); + } + else { + DEBUG2("Adding Cert SN to request -> %s", serial_str); + pairadd(&handler->request->packet->vps, vp); + DEBUG2("Added Cert SN to request"); + } + + eaptls_success(handler->eap_ds, 0); eaptls_gen_mppe_keys(&handler->request->reply->vps, tls_session->ssl,

and a small change to the dictionary...

*** share/dictionary.freeradius.OEM 2008-05-06 14:17:43.000000000 -0400 --- share/dictionary.freeradius 2008-05-06 14:20:41.000000000 -0400 *************** *** 14,18 **** --- 14,19 ---- BEGIN-VENDOR FreeRADIUS ATTRIBUTE FreeRADIUS-Proxied-To 1 ipaddr + ATTRIBUTE FreeRADIUS-Cert-Serial 2 integer END-VENDOR FreeRADIUS

On Mon, May 5, 2008 at 2:54 PM, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Andrew Olson wrote:
> > You still haven't indicated why the perl module isn't running after
> > eap. If I put it before eap in the config, the module runs. After
> > eap, you can see from the trace that it doesn't run.
>
> Yes. The eap module returns "handled", which means "not authenticated
> yet, send Access-Challenge".
>
> If you want your module to run only when the user is authenticated, you
> need to run it when the eap module returns "ok".
>
> Alan DeKok.
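Review bot: In the rlm_eap_tls.c hunk, the result of `SSL_get_peer_certificate(tls_session->ssl)` is passed straight to `X509_get_serialNumber(client_cert)` with no NULL check, and the certificate is never released. SSL_get_peer_certificate returns NULL when the peer presented no certificate, and otherwise returns a reference the caller has to drop with X509_free, so wrap the new block in `if (client_cert)` and free the certificate once the serial has been copied. Also in this hunk, `ASN1_INTEGER_get` returns a long and gives back an error value instead of the serial when the serial does not fit; serial numbers may be up to 20 octets, so if the attribute is going to feed a policy decision it should carry the whole serial, for example via ASN1_INTEGER_to_BN and BN_bn2hex, written with snprintf rather than `sprintf`.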
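Review bot: In the dictionary hunk, `ATTRIBUTE FreeRADIUS-Cert-Serial 2 integer` declares a 32-bit RADIUS integer, while the rlm_eap_tls.c hunk fills it from the `%ld` rendering of a long, so a serial wider than 32 bits cannot be represented faithfully in this attribute. Declaring the attribute as string (or octets) and storing the hex form of the serial would let a later module compare it against the real certificate serial without truncation.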