Nikos,

I have these in my config file:

# grep group /opt/ocserv/etc/config |grep -v '^#'
cert-group-oid = 2.5.4.11
run-as-group = daemon
config-per-group = /opt/ocserv/etc/config-per-group/
default-group-config = /opt/ocserv/etc/defaults/group.conf
select-group = vpn
select-group = dnsonly
default-select-group = vpn
auto-select-group = false

gnutls template files:

$ cat ~/Work/CA/RSA/gnutls/ocserv_clients/dnsonly/dnsonly.tmpl
cn = "dnsonly"
unit = "dnsonly"
serial = 5000
expiration_days = 365
signing_key
tls_www_client

$ cat ~/Work/CA/RSA/gnutls/ocserv_clients/vpn/sskaje.tmpl
cn = "sskaje"
unit = "vpn"
serial = 1000
expiration_days = 365
signing_key
tls_www_client

Group vpn is selected by default, and for both connections the group selection is shown.
I changed the group manually to dnsonly. cn="dnsonly" works, but for cn="sskaje" a different error is shown:

ocserv[21191]: worker: xxx:31667 Groups ret: 0
ocserv[21191]: worker: xxx:31667 Groupname: dnsonly
ocserv[21191]: worker: xxx:31667 groupname=dnsonly, ws->config->default_select_group: vpn, ws->groupname=
ocserv[21191]: worker: xxx:31667 Groupname in cmp: dnsonly
ocserv[21191]: worker: xxx:31667 no certificate provided for authentication

sskaje
http://sskaje.me
sskaje at gmail.com

On Aug 28, 2014, at 16:10, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:

> On Thu, Aug 28, 2014 at 6:06 AM, sskaje <sskaje at gmail.com> wrote:
>> It's a long mail with lots of code and logs, for short:
>> Issue 1: case insensitive match should be used in parse_reply() from src/worker-auth.c
>> Issue 2: groups read from cert is not assigned to ws->groupname, makes group selecting message prompted all the time.
>
> Thanks for reporting that. About issue 1, I've committed a fix which
> should do the trick.
>
> About issue 2. Could you elaborate on your use-case? Did you select
> the group that was set with select-default-group? I found an issue in
> that case and committed a fix and a test case.
>
> regards,
> Nikos