Re: Freeradius Ldap module is authenticating with wrong password also

2011-07-24 Thread Alan Buxey
Hi, DEFAULT LDAP-Group == CiscoRWL2Lr, Auth-Type := Accept Reply-Message = Welcome! You have administrative access., Service-Type = NAS-Prompt-User, cisco-avpair = shell:priv-lvl=15 as already said, you've configured your RADIUS server to accept ANYONE who is in the

Re: Freeradius Ldap module is authenticating with wrong password also

2011-07-22 Thread Alan Buxey
Hi, If required I can post full logs and configuration file here. err, yes. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log test?

2011-07-18 Thread Alan Buxey
hi, All seems well besides this. It started happening a day ago every 30 seconds. Anyone understand what this is? check your changelog or revision control notes to see what was done a day ago? alan

Re: LDAP Not working properly

2011-07-18 Thread Alan Buxey
Hi, radiusd -X are you sure that your config isnt eg stripping cisco-avpair before the RADIUS accept packet is being sent to the device? alan

Re: radiusd -X read my sql database but not freeradius -X

2011-07-18 Thread Alan Buxey
Hi, Thanks Fajar for your proposal (PPA) I've just 2 beginner's questions: What does it mean dfsg ? What does it mean git ? DFSG = Debian Free Software Guidelines part of the DEBIAN social contract GIT = a revision control system (a way of storing files in a project so that multiple

Re: LDAP Not working properly

2011-07-17 Thread Alan Buxey
Hi, I have changed from %Ldap-UserDN to %{Ldap-UserDN} but still not able to login from my cisco switch. Sending Access-Accept of id 184 to 172.17.3.210 port 1645 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 184 with timestamp +14 Ready

Re: WiFI

2011-07-14 Thread Alan Buxey
Hi, With them, users connect to my network using WIFI using a password exchange. I would like to change this pattern, I wondered if configuration is possible to perform Authentication, Authorization and Accounting with Freeradius and if I can provide any documentation that details the

Re: How to setup Freeradius in a Domain

2011-07-13 Thread Alan Buxey
Hi, I had to uncheck validate certificates on the client. I also had to uncheck use logon on username and password so it would ask me for the credentials. The server does not like when the client sends domain info. On the server side I had to change the users file so it doesn't include the

Re: Yet another multiple SSID setup question

2011-07-12 Thread Alan Buxey
Nick, the joy of frees is that you can do this is umpteen different ways. I would recommend that you use unsung unlang to check the ssid in the request and then proxy that request to a different virtual server to deal with in the way you want Alan -- Message may be brief as it has been sent

Re: use_tunnel_reply not working in EAP-PEAP (Proxied as plain MSCHAPv2) in eap.conf

2011-07-07 Thread Alan Buxey
use version 3 ? the things you want work, why stick to 2.1.x? Alan

Re: use_tunnel_reply not working in EAP-PEAP (Proxied as plain MSCHAPv2) in eap.conf

2011-07-07 Thread Alan Buxey
Hi, Sigh! Tried 3.x sometime back, it was seg-faulting left-and-right in my 3.0 is not a static beast. sometime back is sometime back! there have been several key fixes to it - and more when people run it. its no good saying 'seg-faulting left-and-right' if those issues arent reported to the

Re: use_tunnel_reply not working in EAP-PEAP (Proxied as plain MSCHAPv2) in eap.conf

2011-07-07 Thread Alan Buxey
Hi, 3.0 hasn't been released yet. It has all kinds of goodness which makes it better than 2.1.x. However, more is coming. So the 3.0 release is planned for early September. yes, not released yet - but it is official - people can run it now (if they want ;-) ) - certainly having a few

Re: Mac-Auth

2011-07-07 Thread Alan Buxey
Hi, Hi Guys , Here is the thing , im trying to use Mac-Auth , I managed to get working using authorized-macs files , although i need to use a mysql table which i already have with the ssid and mac-address fields and i need to add an operator to expired macs , coz i work at a

Re: Log the IP client after a successful login

2011-07-06 Thread Alan Buxey
Hi, Is it possible lo to log the IP address of the client after a successfull auth/login? Something like that: Tue Jul 5 17:18:46 2011 : Auth: Login OK: [elo...@irta.es/via Auth-Type = EAP] (from client WLC_SSCC port 1 cli B8-C7-5D-E4-A3-6B) *$IPADDRESS* Login has worked - so 802.1X is

Re: Freeradius 2.0.5 simple configuration fail

2011-07-06 Thread Alan Buxey
Hi, I'm currently trying to set a Freeradius 2.0.5 on a synology NAS which I installed via ipkg. I would like to authenticate the wifi users throught a netgear WG103 '802.1x enabled'. So i've just modified the users file to add a 'rad' user : rad Cleartext-Password := rad And added in

Re: Macbook Freeradius connection issue

2011-07-06 Thread Alan Buxey
Hi, We use FreeRadius 2.1.9. It works fine, but Macbook user can't connect. I have to activate only TTLS and PEAP in WLAN settings (802.1x) on the macbook, then it works. Do exist any other possibility for MAC user? by default, OSX has a lot of EAP types enabled...and will try to

Re: Macbook Freeradius connection issue

2011-07-06 Thread Alan Buxey
Hi, certainly if you dont allow FreeRADIUS to handle unknown EAP types. Can you configure FR to handle unknown EAP types? ignore_unknown_eap_types = no but as the docs clearly state, if its not handled in another module then the request will still get rejected alan

Re: Macbook Freeradius connection issue

2011-07-06 Thread Alan Buxey
Hi, Ok. I need to configure the Mac client or install a 802.1x tool. No other way ... hmm ... ok. umm, the client is set to try all the EAP methods under the sun - starting off with FAST , then LEAP, then PEAP etc well, theres nothing a server can do to change that - its totally client

Re: Make the server certificate from Thawte

2011-07-06 Thread Alan Buxey
Hi, I want to use the certificate from Thawte. First of all I tried to use free SSL certificate from Thawte. I received 3 certificates in PEM-format: my Thawte trial SSL certificate, Thawte Trial Secure Server Intermediate CA and Thawte Test CA Root certificate in format: -BEGIN

Re: FreeRadius 2.1.10 with Oracle support under Fedora 14

2011-07-05 Thread Alan Buxey
Hi, Hi all, It might be redondant with another but slightly different. I have installed FreeRadius thanks to yum over Fedora 14. Everything went fine and was working fine until I need to add the Oracle support to have the accounting working with on Oracle database. When I

Re: IIS authentication with FREERADIUS !

2011-07-04 Thread Alan Buxey
Hi, Personally I'd just dump IIS and use something like linux+proftpd instead: http://www.proftpd.org/docs/contrib/mod_radius.html I was going to say the same thing - use the Linux/BSD box with FTP as the access layer - no trouble with the RADIUS integration then alan

Re: How to setup Freeradius

2011-07-02 Thread Alan Buxey
hi, do not set Auth-Type := EAP, or AuthType := local in your users file. the server is quite capable of dealing with these things - there are only a very very few times when you might need to even think about setting the type. can you say what doc you were following that told you to set

Re: LEAP Authentication?

2011-06-29 Thread Alan Buxey
Hi, I guess this is kind of solution, but we would like to have the LEAP running as well. Any other suggestions? i ran up a default FreeRADIUS install, enabled LEAP, had a device doing LEAP against the 802.1X AP and it just worked. does your AP understand LEAP? alan

Re: Copy user entries from a server to another?

2011-06-28 Thread Alan Buxey
Hi, I'm not using databases at the moment, just the plain users files. I was wondering if it was possible to keep some received attributes on the server (without using databases), but now it seems impossible. you can log the received attributes in many ways - the 'detail' module will

Re: Credentials format in Windows suplicant

2011-06-23 Thread Alan Buxey
Hi, However, using users from another realms which have to be proxied do not. In debug mode the request is proxied: so, issue with remote proxy. you say that the admin of the remote proxy says that he can see your requests...but you dont answer he stuff that gets sent back? in this case,

Re: Version 2.1.11 has been released

2011-06-23 Thread Alan Buxey
Hi, On Thu, Jun 23, 2011 at 12:48 AM, John Dennis jden...@redhat.com wrote: freeradius-2.1.11 RPM packages for Fedora 14 and Fedora 15 have been pushed into their respective *testing* repos. It may take a while for them to hit the mirrors. To upgrade via yum you will need to enable the

Re: Version 2.1.11 has been released

2011-06-21 Thread Alan Buxey
Hi, Hi, a similar issue with the config parser here... The following worked nicely in 2.1.10, but barks with Unexpected text else (and with the obvious change to elsif, Unexpected text elsif). if ( %{NAS-Identifier} == ejabberd ) { update request {

Re: Cleanup Stale Sessions - needed?

2011-06-21 Thread Alan Buxey
Hi, Hi Alan, hum... any freeradius script/comand that I could use instead of the teasing red button with the don't press this button written on it? :) i'm guessing your system uses SQL (eg MySQL) in the backend for accounting..so its an sql command you'll be wanting rather than a freeradius

Re: Version 2.1.11 has been released

2011-06-20 Thread Alan Buxey
Hi, It's been a long time since 2.1.10. We're happy to release version 2.1.11, which has many of useful new features, and a number of minor bugs fixed. yay! :-) virtual champagne cork released however, a nice quirky change in config parser means that any unlang style code with an 'if'

Re: Version 2.1.11 has been released

2011-06-20 Thread Alan Buxey
Hi, Arg. That's annoying. It would have been nice to catch that. it must have gone in pretty late as we didnt have an issue with 2.1.11 GIT release on our test server (which is now running 3.0.0 GIT for some REAL testing ;-) ) alan

Re: Version 2.1.11 has been released

2011-06-20 Thread Alan Buxey
Hi, Fix it real quick before many download it, call it 2.1.11.1 - or 2.1.11a :) if its to be changed then 2.1.12 and at least change the old year in src/main/version.c there are other date copyright files - i guess the authors should assert this but the main project should cover

Re: Cleanup Stale Sessions - needed?

2011-06-20 Thread Alan Buxey
Hi, So I have this teasing menu option in daloradius which is called Cleanup Stale Sessions. I think it does exactly what I need but: 1) I do not want to break the radiusd 2) I do not want to loose my radius logs (who had that IP that day..) 3) I do not know if this is the right button to

Re: Proxy based on User-Name with regex

2011-06-11 Thread Alan Buxey
Hi, Hi there, I have been trying to setup a freeradius server that will proxy the authentication to another server if the User-Name starts with 1234. So for instance a user logs in with username 1234XX then in section AUTHORIZE i have a policy that checks with regex if the username

Re: Proxy based on User-Name with regex

2011-06-11 Thread Alan Buxey
Hi, rlm_sql (sql): Released sql socket id: 3 [sql] User 1234abcdefg not found ++[sql] returns notfound WARNING: You set Proxy-To-Realm = ISE, but the realm does not exist! Cancelling invalid proxy request. ^^ seems fairly obvious. check that you have a 'ISE'

Re: freeradius 2.1.11 rpmbuild issue

2011-06-10 Thread Alan Buxey
hi, in the latest 2.1.11 there are some new files and libraries... these are clearly shown on the last few lines of the debug you sent to the list...eg /etc/raddb/modules/redis

Re: Slow Mysql Queries

2011-06-06 Thread Alan Buxey
Hi, Are all the slow query entries potentially a problem, I mean should yes. any slow queries are potentially a problem. in your case I believe that you have that many rows in your DB table - and because there is no index, all entries have to be seen - as previous post says, you need a DBA or

Re: Log NAS IP rather than Shortname - PLEASE

2011-06-04 Thread Alan Buxey
Hi, it may help to note - I am using windows version of FreeRadius ver 1.1.7 r2 from your previous message I could guess you were running an old version. 1.1.x is dead. upgrade to 2.1.x - this has all the features that you are looking for - certainly adjusting LOG file stuff is already

Re: Freeradius Secret

2011-05-28 Thread Alan Buxey
Hi, Can somebody tell me the expected issues when the secret for a Client is misconfigured? We had an issue with some NAS’ not able to connect to the Freeradius, and it appears as if the only we changed was the corresponding secrets. Are NAS’ with mis-matched secrets dropped

Re: Authentication issues with Win7 and WPA/WPA2 Enterprise

2011-05-24 Thread Alan Buxey
Hi, proxy-inner-tunnel: server proxy-inner-tunnel { authorize { update control { Proxy-To-Realm := NULL #I want to proxy realm NULL } } authenticate { eap } post-proxy { eap } } dont set it to NULL - that keeps it very much local. instead set it to FOOBAR and

Re: Sidenote: WPA Enterprise configuration and troubleshooting guides

2011-05-24 Thread Alan Buxey
Hi, ...so, when are you going to join eduroam then? you seem to have EAP and WPA/WPA2 all sorted and client configuration guides for your users (everyone seems to be reinventing that wheel - especially in the eduroam community where the settings are have minor difference - some sites do WPA2/AES

Re: HOWTO add Framed-Ip-Address AVP to Access-Request while proxying

2011-05-24 Thread Alan Buxey
Hi, I am using FreeRADIUS to proxy EAP-PEAP authentication as MSCHAPv2 to a third-party RADIUS Server. (Terminating the outer tunnel at FreeRADIUS). However, I need to send an AVP of Framed-Ip-Address to the third party RADIUS server ( its a legacy server), for which I tried adding a realm

Re: AD Authentication + radius + foundryAP

2011-05-17 Thread Alan Buxey
hi, a quick look at your output shows that your server is configured to have a default type of EAP that doesnt match what your client is trying to use. there is then a reattempt after the NAK - and your client is using LEAP. it fails at the LEAP stage in the EAP module - check your eap.conf

Re: Compiling from source

2011-05-13 Thread Alan Buxey
hi, Has anyone been successful in installing FreeRADIUS 2.1.10 from src on CentOS or RHEL? I’d prefer not to use the package manager for installation as I’m attempting to install a custom module and the directory tree from the repo install doesn’t match the source module setup. I

Re: Problem to start the daemon

2011-05-11 Thread Alan Buxey
Hi, I’ve installed the latest freeradius version (freeradius-server-2.1.10) from source! SO, I configured it and tested it with the command [radiusd -X] and it is ok! Now, I would to start the daemon in a normal way (/etc/rc.d). I copy the rc.radiusd into /etc/rc.d but

Re: Bug in proxy code with IPv6?

2011-05-11 Thread Alan Buxey
Hi, this is about 2.1.10. In my proxy.conf, I have two clauses for a host ( see [1] and [2] below), once with ipaddr for IPv4 and once with ipv6addr for IPv6. I was going to be reporting the same thing - however, I've delayed since I could only see this behaviour on a VM system so wasnt sure

Re: Invalid signature

2011-05-11 Thread Alan Buxey
Hi, rad_recv: Accounting-Request packet from host 201.216.227.201 port 58999, id=0, length=86 Received Accounting-Request packet from 201.216.227.201 with invalid signature! (Shared secret is incorrect.) Dropping packet without response. server doesnt lie. check the shared secret for the

Re: MSCHAP failing on new 2.1.10 install

2011-05-11 Thread Alan Buxey
Hi, Quick test shows this is working now. Not tested enough yet to claim victory, but I'm not scratching my head going WTF I VAGUELY recall burning myself several years ago when I started playing with FR, hence why I remembered it - finally! If I feel froggy I MAY tweak the source

Re: acct segfault in git v2.1.x

2011-05-09 Thread Alan Buxey
Hi, NAS Port Attribute (5), length: 6, Value: 0 NAS-Port 0 are you serious? ;-) Vendor Specific Attribute (26), length: 12, Value: Vendor: Unknown (14823) Vendor Attribute: 2, Length: 4, Value: ..thats an interesting one. Unknown

Re: PEAP/MSCHAPv2 failing with Windows 7

2011-05-09 Thread Alan Buxey
Hi, I should note, it appears the Aruba gear is terminating the PEAP – FR only sees an MSCHAP request. I would change that behaviour with a quick reconfig - its possible because we have sites in the UK using Aruba kit with 'eduroam' - and 'eduroam' would break if the remote client was

Re: [EAP-PEAP] PEAP Authentication failed

2011-05-04 Thread Alan Buxey
hi, looks like your client is trying to use the wrong CA as part of the authentication. alan

Re: ERROR in the EAP/PEAP test of eapol_test

2011-05-02 Thread Alan Buxey
Hi, Hi ! I meet a ERROR in the test of EAP/PEAP radtest sqluser 123 localhost 1812 testing123 is OK, I just delete the # before 'eap' in radiusd.conf and default files. the test eapol_test -c peap.txt -s testing123 you are using SQL as the user storage? you havent enabled the

Re: Adding Vendor Specific Attribute to the Access-Accept

2011-05-02 Thread Alan Buxey
Hi, I found the reason why the attributes I added where not included in the reply list. Those attributes are used by the servers internally (Range:  1000-1199) They do not go to the reply attributes list. When I tried the attributes from other vendors like 3Com it worked.

Re: Help Compiling ikev2, EVP_sha256 and tncs: Freeradius 3.0

2011-04-27 Thread Alan Buxey
Hi, akinpelu emmanuel wrote: Though I have installed the latest version of ikev2_0.2 and libtnc this is the error message I keep getting, moreover could I be helped on how to indicate the tncs library path in the configure line. other than a particularly neat need to make the compile

Re: FreeRadius not working!!

2011-04-26 Thread Alan Buxey
Hi, Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. built without openssl development stuff present. rebuild the server alan

Re: MS-CHAP-V2 with no retry

2011-04-22 Thread Alan Buxey
Hi, Do we know if the password change (and adjustments to retry which make it work) will be included in 2.1.11? If enough people test it and say it works. do we have a direct single known patch now for application to a 2.1.10 source? (theres been a lot of subtle updates flying around)

Re: MySQL support in freeradius 3.0.0

2011-04-21 Thread Alan Buxey
Hi, Hi All,   I am installing Free Radius 3.0.0   I am having problem compiling mysql support even when I used the required options. Please below the output from ./configure the required mysql development headers/includes arent around. install mysql-dev or mysql-devel or whatever the

Re: Freeradius + EAP-TLS + LDAP

2011-04-20 Thread Alan Buxey
Hi, Thanks, I'll start to do this. Machine account name should work for me. Any hints, or how to do this? Is there somewhere an example availlable to start with? I'am new to FR 2.1 and it's hard to make even my old config work on the test-maschine. after altering ntlm_auth command

Re: The last piece of the puzzle - XP host authentication

2011-04-18 Thread Alan Buxey
hi, your User-Name is going from a sane value 'host/LP-0010.myorg.org' to just '/LP-0010.myorg.org' - are you playing around with hints? you dont need to remove the host/ part - in fact, messing with the User-Name will cause EAP to break...especially when a windows machine is involved. if you

Re: Running FreeRadius daemon in debug mode

2011-04-17 Thread Alan Buxey
Hi, I'm running the latest yum version of freeradius2 on a 32bit CentOS 5.5 install. I'm using service radius start to launch the daemon. I'm trying to figure out how to use the service method to launch the process in debug mode. I can start it in debug mode when calling it from the

Re: unable to authenticate freeradius+AD

2011-04-13 Thread Alan Buxey
hi, dont really care about config - radiusd -X output please alan

Re: unable to authenticate freeradius+AD

2011-04-13 Thread Alan Buxey
hi, looks like PC not properly responding have you got the RADIUS server CA on the client? (ie does the client know the CA and trust it?) alan

Re: Simple Guest user web front end for FreeRADIUS

2011-04-08 Thread Alan Buxey
Hi, On my client's wifi network, we are authenticating staff users via FreeRADIUS against the corporate LDAP database. I've created a new SSID/WLAN with an IP pool that I've restricted through router ACLs that we want to deploy for temporary guest users. I can set up a new FreeRADIUS

Re: mschapv2 and peap not working, please help

2011-04-07 Thread Alan Buxey
Hi, comparisons/requirements are on the first line, replies are on following lines ie user Cleartext-Password := testing, NAS-IP-Address = 192.168.0.1 AttributeX = this, AttributeY = that alan

Re: MS-CHAP-V2 with no retry

2011-04-07 Thread Alan Buxey
hi, this would be great to get into 2.1.11 release if possible if not 2.1.12 or 2.2.x as it solves one of our current problems of devices configured for our roaming SSID continually trying to authenticate to the system even if the user no longer exists - currently they just keep on and on

Re: PC XP SP2 with 802.1x/PEAP authenticate problem

2011-04-07 Thread Alan Buxey
Hi, maybe somebody can help me in my attempt to authenticate supplicant PC (WinXP SP2 with enabled 802.1x authentication using PEAP and Authentication Mehtod Secured password EAP-MSCHAP v2) using *that* (PEAP) wont work with this: Added new entry for PC using its MAC address for

Re: rlm_sql_unixodbc ?

2011-04-07 Thread Alan Buxey
Hi, Found this in the rlm_sql_unixodbc config.log: ... /usr/bin/ld: cannot find -lodbc ... configure:3080: WARNING: silently not building rlm_sql_unixodbc. configure:3082: WARNING: FAILURE: rlm_sql_unixodbc requires: libodbc sql.h. Did I miss some dependencies earlier when installing FR

Re: I need help and some advice !!!

2011-04-06 Thread Alan Buxey
Hi, We should release 2.1.11 some time soon. Anyone interested in testing the beta version? We maintain a dedicated radius server, with (outbound) eduroam and all our standard configs monitoring probes for just this purpose. likewise - we have a server with 2.1.11 GIT (well, when

Re: Mac Authorization

2011-04-06 Thread Alan Buxey
Hi, I attempted to follow the guide here: [1]http://wiki.freeradius.org/Mac-Auth but the raddb/modules/file module doesn’t seem to exist. I tried adding files authorized_macs section to the end of modules/files but I am still getting a module not found error. If someone could

Re: bug

2011-04-04 Thread Alan Buxey
hi, turn on sqltrace and turn on tcpdump - you will find what is causing it alan

Re: How to make a NAS(Cisco) send MSCHAP request

2011-04-04 Thread Alan Buxey
hi, To all Cisco guys out there how can I make a NAS(Cisco 2960 switch) to send MSCHAP requests to FR server instead of PAP requests. what makes you even think it can? are you talking about the cisco switch device itself for local admin access etc or are you talking about end clients

Re: Dial up error and freeraius is down

2011-04-01 Thread Alan Buxey
Hi, - Fri Apr 1 19:22:09 2011 : Error: Discarding duplicate request from client mpth12 port 40039 - ID: 129 due to unfinished request 10524 - Fri Apr 1 19:22:10 2011 : Error: Discarding conflicting packet from client mpth12 port 40039 - ID: 129 due to recent request

Re: Error: Exec-Program: Permission Denied when running via service start

2011-03-29 Thread Alan Buxey
Hi, I've implemented mOTP as en external authentication program by defining it in radiusd.conf with a Program = /etc/raddb/otpverify.sh statement. As I said, it does indeed work properly, except, when I start the radiusd server up as a daemon via init.d radiusd -X - Works properly

Re: Error: Exec-Program: Permission Denied when running via service start

2011-03-29 Thread Alan Buxey
Hi, *sigh* it was indeed SELinux. I thought it had it disabled. Still not exactly sure why when I wrapped the init.d statement with a 'sh' it works, but nevertheless you solved my issue. Thanks John. you are going to fix the issue as shown by audit2allow etc rather than just leave SELinux

Re: radwho shows only the last user logged.

2011-03-28 Thread Alan Buxey
Hi, ok, how would that be? how do I not use the freeradius NAS-Port as the key? acct_unique is a module? acct_unique { key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port } I just remove the NAS-Port-up of the keys?

Re: configuring freeradius to use Ntlm_auth

2011-03-26 Thread Alan Buxey
hi, if you take the default FreeRADIUS 2.x config and just follow that active directory guide, then it just works - you dont need to use exec ntlm_auth or anything...just configure the mschap module (which has an ntlm_auth line to be configured) alan

Re: Duplicate Auth: Login OK:

2011-03-25 Thread Alan Buxey
Hi, I believe there's also another (possibly related) bug: I disabled eap completely (comment-out the line $INCLUDE eap.conf on radiusd.conf, removed sites-enabled/inner-tunnel, and removed all reference to eap on sites-available/default and my virtual server), yet with a simple radtest

Re: radwho shows only the last user logged.

2011-03-25 Thread Alan Buxey
Hi, Actually my NAS is sending the same port for all my users, but the door that she is sending is NAS-Port = 29. So your NAS is broken. I don't know why people do that... Hello Cisco! :-) Don't use radutmp. Instead, store the sessions in SQL, and edit the SQL configuration.

Re: Load Balancing EAP with freeradius...

2011-03-23 Thread Alan Buxey
Hi, I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I looked at the proxy.conf and it seems that there are two options, because you have to insure the same end client talks to the same radius server. There seems to be client-balance that uses IP source

Re: authenticate via etc/shadow intead of users

2011-03-21 Thread Alan Buxey
Hi, I am a newbie to free radius, I need to know what changes are required in radiusd.conf or any other file in order to authenticate clients requests through local machine users(etc/passwd or etc/shadow) instead of making users in the raddb/users file. add users to the system

Re: authenticate via etc/shadow intead of users

2011-03-21 Thread Alan Buxey
Hi, Thanks Alan, what I am actually trying to achieve is to authenticate users against our Linux /etc/shadow or /etc/password/ files. I don't want to use the USERS file as it stores passwords in clear text which is what we're trying to avoid. it CAN store the passwords in clear

Re: $75.00 USD Bounty

2011-03-21 Thread Alan Buxey
Hi, I'm trying to recreate the functionality of a product call PhoneFactor (www.phonefactor.com). In the script, I want to make a call using Asterisk, get a code, compare that to an entry in a database, and accepting or rejecting the request. OpenVPN has increased their timeout

Re: test suite simulating NAS for development?

2011-03-19 Thread Alan Buxey
Hi, Currently with PAP auth-only test to MySQL-backed freeradius I get about 2000 succesful authentications per second. It'd be great if I can get the maximum number of supported users on this system with a typical auth - acct-start - interim-update - acct-stop cycle. you should get much

Re: Freeradius + PEAP/EAP-MSCHAPv2 + AD 2008

2011-03-18 Thread Alan Buxey
Hi, I've followed the following howto : [1]http://deployingradius.com/documents/configuration/active_directory.html and everything goes fine with the radtest, wbinfo, ntlm_auth and my user is correctly authentified. my first question is why so old a version of FreeRADIUS is you

Re: Cisco and Enterasys not active access to Authenticated User

2011-03-18 Thread Alan Buxey
Hi, Hello everyone, I have a scenario that is configured to access active Linux, Cisco and Enterasys for when using Cisco VPN can not authenticate in assets. Only works when it is turned off Filter-ID == Enterasys: version = 1: mgmt = rw . Is there any way to configure and

Re: Help required in Free Radius Debug Output

2011-03-17 Thread Alan Buxey
hi, you have a 'DEFAULT' in users file pointing to System. comment out that line because its forcing FR to use the 'unix' module - to read eg /etc/passwd and your user is not there (and shouldnt really be there). this is an old 1.1.x release provided to you? that used to be a common problem.

Re: Seg Fault - radius 3.0 Debug

2011-03-17 Thread Alan Buxey
Hi,  Here is my debug file with gbd on the seg fault  [Thread debugging using libthread_db enabled] [New Thread 0x7600b700 (LWP 23433)] [Thread 0x7600b700 (LWP 23433) exited] Program received signal SIGSEGV, Segmentation fault. 0x76032890 in

Re: Freeradius 2 + MySQL + MD5 hash don't work

2011-03-17 Thread Alan Buxey
Hi, [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute! its fair enough. you've set Auth-Type = PAP why? alan

Re: Freeradius 2 + MySQL + MD5 hash don't work

2011-03-17 Thread Alan Buxey
Hi, Dear Phil, By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also fails. no...it works - but you havent got the 'sql' module enabled in the inner-tunnel (which is where the server goes to when its doing EAP) put sql into the inner-tunnel virtual-server

Re: The story of PAP, CHAP and the blank password

2011-03-16 Thread Alan Buxey
Hi, WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. i'd follow that advice. FR knows what to do when it sees suitable things. anyway, the 'void' is being sent by the NAS - and its being sent CHAP'd too can your kit not do

Re: Help required in Free Radius Debug Output

2011-03-16 Thread Alan Buxey
hi, you havent given the full output of radiusd -X you also appear to have done more than just add that user to the users file something is setting the authentication to 'System' - do you have some DEFAULT Auth-Type = System at line 153 of the users file? alan

Re: same username different password on different NAS

2011-03-16 Thread Alan Buxey
hi, you have pretty much got the idea already - you have to pair the username with the NAS-IP-Address - in SQL with radcheck, in users file by putting the correct matching description on the first line (as per examples). alan

Re: Packet tracing web interface

2011-03-14 Thread Alan Buxey
Hi, radmin I can't see how radmin would help here. Is it possible to use it to inject a test packet? I can't see how, in which case I need to use radclient anyway. you seem to have selectively edited Phils reply. radmin can indeed inject packets and give you reply ie radmin

Re: Packet tracing web interface

2011-03-13 Thread Alan Buxey
hi, following on the info that Phil has already supplied...you can also use radmin to run debug to a single file for special cases...so, if you were interested in eg 'Client-IP-Address = xxx.xxx.xxx.xxx' then you can debug just on that condition to the file. alan

Re: Access Accept vs Tunneled reply

2011-03-11 Thread Alan Buxey
Hi, I am trying to work out where I would be putting attributes for Access Accept. add them at the post-auth stage...or add them in the inner-tunnel and copy inner-tunnel to the reply.. thats 2 standard ways alan

Re: same username with different password mysql chap

2011-03-10 Thread Alan Buxey
Hi, +-+--+---+++---++ | id | username | attribute | op | value | PID | expires| +-+--+---+++---++ | 462 | 10295| password | == | 912547 | 10295 | 2011-03-21 |

Re: FR 2.1.7 Exits for no reason

2011-03-09 Thread Alan Buxey
hi, 2.1.7 has many little quirks/bugs that caused daemon deaths. 2.1.10 is the answer alan

Re: Status of 2.1.11/OSCP Implementation

2011-03-09 Thread Alan Buxey
Hi, in the QA department. *You* are the QA department. I was under the general impression that QA is no longer done for commercial software either... ha! yes, i agree :-) alan

Re: Hopefully quick question: conditional processing sneaking in and setting Auth-Type

2011-03-08 Thread Alan Buxey
Hi, [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop # Begin output of goofy processing ++? if (!control:Auth-Type) ? Evaluating !(control:Auth-Type) - FALSE ++? if (!control:Auth-Type) - FALSE cd /etc/raddb

Re: Hopefully quick question: conditional processing sneaking in and setting Auth-Type

2011-03-08 Thread Alan Buxey
Hi, Good idea, but no help. It only returned default, which is one of the first files I checked, double-checked, replicated, etc. if it says default, then that code is in 'default' - look in that file to find where it is Thanks for the help so far. I'll keep at it until I resolve it or

Re: signed server certs (was: Freeradius2 and OSX clients no TLS)

2011-03-07 Thread Alan Buxey
Hi, 1) It validates the server cert to assure it's signed by a CA it trusts (possibly via a cert chain). 2) It then validates the certificate subject to make sure the server it thought it was connecting to appears in the certificate (either as the certificate subject or one of the
