On 1/27/2011 3:41 PM, Matt Garretson wrote: > The XP client still tries three times (duh), but at least radius.log reflects > a failure: > > Error: TLS_accept: error in SSLv3 read client certificate B > Error: rlm_eap: SSL error error:140890B2:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned > Error: SSL: SSL_read failed in a system call (-1), TLS session fails. > Auth: Login incorrect (TLS Alert write:fatal:certificate unknown): [snip]
*sigh* I left out the first (and most useful) logging line in the above: Auth: rlm_eap_tls: Certificate CN (eviluser) fails external verification! So, again, it's better than what I'd had before, but not as elegant as I was hoping. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
