Hi. After configuring the parameter in user configuration file I get the following log However sniffing show that no request was sent to get the certificate. Are any of you familiar with this problem?
[ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 005f], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 0aab], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate -----Original Message----- From: freeradius-users-bounces+yoni.levin=altair-semi....@lists.freeradius.org [mailto:freeradius-users-bounces+yoni.levin=altair-semi....@lists.freera dius.org] On Behalf Of Yoni Levin Sent: Monday, August 24, 2009 5:38 PM To: FreeRadius users mailing list; t...@kalik.net Subject: RE: TTLS to require client cert I have similar problem I also try to force TTLs to request client certificate but it just does not happen. The radius does not send the request. Maybe the reason is that I added EAP-TLS-Require-client-cert = YES in the wrong section? I uncommented it in the tls section of eap.conf Thanks for your help. -----Original Message----- From: freeradius-users-bounces+yoni.levin=altair-semi....@lists.freeradius.org [mailto:freeradius-users-bounces+yoni.levin=altair-semi....@lists.freera dius.org] On Behalf Of Petar Marinkovic Sent: Thursday, July 16, 2009 12:43 AM To: t...@kalik.net; FreeRadius users mailing list Subject: Re: TTLS to require client cert Yes, it does, but something isnt working, he is just not checking the client certificate On 07/15/2009, Ivan Kalik <t...@kalik.net> wrote: >> Hi all, I need help once again. I want TTLS to require client cert. I put >> EAP-TLS-Require-client-cert = YES in ttls { part of eap.conf but it's not >> working. What I am doing wrong here? > > What isn't working? Freeradius can request a certificate - does your > supplicant support that? > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ************************************************************************ ************ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses. ************************************************************************ ************ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ************************************************************************ ************ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses. ************************************************************************ ************
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html