On 10/18/2013 11:00 AM, Alan DeKok wrote:
Bertalan Voros wrote:
I have one question, I would like to log a message in radius.log when a
device is rejected based on its mac address.
I would like to put a message saying that the device was unauthorised
and the Calling-Station-Id into the radius.lo
file. :/
Try reading the output of the build process, it will tell you what went
wrong.
Hint:
Redirection:
do_something 2>&1 | tee -a some_file
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the above announcement page.
BTW, I do know I can get it directly from
ftp://ftp.freeradius.org/pub/freeradius/ but there should be links.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2.2.1?
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
45"
>
> Plus it will show it in other spots as well (accounting section, etc).
Please try to search the list archives before asking questions. This has
been answered multiple times.
Short answer is no, the debug output is meant for debugging ONLY and
during debugging it's vital to
can learn from (server
performance tweaks, optimizations, etc?). I've optimized as best I can
the SQL component. This all seems related to the samba/winbind/ntlm_auth.
- John Douglass, Sr. Systems IT/Architect, Georgia Institute of Technology
-
List info/subscribe/unsubscribe? See
cannot find -lnl
means the linker cannot find the libnl library, therefore you need to
install the libnl-devel package for your distribution. The devel package
because includes the files you need during development as opposed to
runtime.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 09/23/2013 02:07 PM, paul trader wrote:
> On Mon, 23 Sep 2013 at 13:31, John Dennis opined:
>
> JD:You still haven't sent the full debug.
>
> hi john - thanks for your reply. i sent the output from running radiusd
> -X, are you saying i need to run -Xxx and send that
said you were moving from v1 to v2, you can't just copy v1
configs over, they're different, hope you weren't doing that.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
John,
The "IPhone Configuration Utility" can do remote debugging with iPads, it
helped me diagnose some EAP-TLS issues.
John.
From:
freeradius-users-bounces+jcarter=identitynetworks@lists.freeradius.org
[mailto:freeradius-users-bounces+jcarter=identitynetworks.com@list
: SSL: SSL_read failed in a system call
(-1), TLS session fails.
Tue Sep 17 13:36:25 2013 : Auth: Login incorrect (TLS Alert
read:warning:close notify): [u...@ihk.com] (from client ManagementAPs port
1 cli 00-88-65-42-50-88)
Do you guys any idea what cause this issue
Thank you
John
-
List info
server can handle 2
mechanisms. Keep iterating on this basic cycle until your server
supports the range of clients you need to support.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Thanks again,
John.
On 17 September 2013 08:46, Martin Kraus wrote:
> On Tue, Sep 17, 2013 at 07:54:12AM +0100, John Carter wrote:
> > I've got a Windows 7 machine attempting to connect to FreeRADIUS 2.2.0.
> > EAP-TLS with a client certificate works fine, but with PEAP/EAP-T
!
Mon Sep 16 12:57:00 2013 : Info: Ready to process requests.
radius.log: http://pastebin.com/9fBdxfYt
eap.conf: http://pastebin.com/7dL69pmQ
inner-tunnel: http://pastebin.com/BGzJSKz0
Thanks,
John.
--
John Carter
Identity Networks
jcar...@identitynetworks.com
= 0
FreeRADIUS-Total-Auth-Dropped-Requests = 1824
FreeRADIUS-Total-Auth-Unknown-Types = 0
After finding some messages on the devel list, I saw some reference to
memory clean up but that was a while ago so not sure how valid that
comment/problem is in the 2.2.0 version.
How should I
debug output.
And be sure to set ACL's (Access Control Lists) on the password
attributes so that only the admin and the radius process can read them.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in one of the emails the other
> day?
Before you go any further you need to read and understand the material
on this page:
http://deployingradius.com/documents/protocols/compatibility.html
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
xt version from the user?
>
>> I might be too old to do bleeding edge stuff like 3.0 RC1
>> I will take a look and a poke at it though.
>
> Fair enough.
>
> Arran Cudbard-Bell
> FreeRADIUS Development Team
>
> -
> List info/subscribe/unsubscribe? See
>
password localhost 0 testing123
>
> Received -bash: /usr/bin/radtest: No such file or directory
It's in the freeradius2-utils package.
% yum install /usr/bin/radtest
or
% yum install freeradius2-utils
or
read how to use the yum package manager.
--
John
-
List info/subscribe/unsub
dius2 set of packages, not the
freeradius packages. RHEL5 initially shipped with freeradius 1.x, but
you want to be running 2.x. In RHEL we can't remove a previously shipped
major version of a package so we had to add freeradius2 in order to make
version 2.x available.
--
John
-
List
On 09/06/2013 04:31 PM, stefan.pae...@diamond.ac.uk wrote:
> I shall try a RHEL6/CentOS6 compatible build tomorrow or Monday.
>
> Shouldn't be a problem. John D, I'll update my tag, you guys will probably do
> the same.
FYI: rc1 is packaged and built for Fedora in rawh
e OP is using an extremely old version, doesn't know what OS they're
on, or is trying to blame the package for a failure to read the doc.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
man page.
Please provide the exact installed rpm if you think otherwise.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
h is expecting too much.
I wonder if the OpenSSL library has an option or function to convert to
8601.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t had time yet to go through and see if these are red herrings or
not.
I've attached the output of the analysis tool for review.
--
John
$ rpmdiff-cli local-analyse scratch:6062804
Setting up before packages
Setting up after packages
[rpmdiff-cli]$ ./rpmdiff-checker --xml-output="test
On 07/23/2013 05:18 AM, stefan.pae...@diamond.ac.uk wrote:
> Thanks, John.
>
> I'll use that SPEC as base for CentOS 6.x packages :-)
I'm will be making some tweaks to the spec file over the near term. For
instance I just realized I make a mistake with the release fiel
On 07/23/2013 08:29 AM, John Dennis wrote:
> On 07/23/2013 05:28 AM, manjunath uthappa ponnachana wrote:
>> Hi,
>>
>> I want to download free radius version 3.0.0 rco. Please let me know the
>> downlaod link.
>
> The tarball is available here:
> https://git
e candidate
notation in it's name. Release candidates are for testing. You can help
out by building and testing it.
> If not when it will be ready for official release.
I'll let the development team answer that one.
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of packages in existing releases
(especially if they are not configuration compatible). FWIW the F19
train just pulled away from the station so unfortunately it's too late
for F19.
HTH,
John
--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
stream and we didnt' want to
introduce potential incompatibility. If udpfromto is sometimes
necessary and benign otherwise is there a reason for this to be a
configuration option at all in 3.0?
John
--
jden...@redhat.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Hi guys
when users logout from the wireless network , i can see following error in
the log
Error
Error: rlm_radutmp: Logout for NAS Wlan1 port 0, but no Login record
IS there any reason for that, how can fix it
Thank You
John
-
List info/subscribe/unsubscribe? See http
On 07/17/2013 04:16 PM, Alan Buxey wrote:
> Hi
>
> Don't you have freeradius-utils already. .. which contains radtest etc
> which is very useful for admins
Yes, my bad, sorry, not enough coffee.
John
--
jden...@redhat.com
-
List info/subscribe/unsubscribe? See http://www.fr
On 07/17/2013 12:26 PM, Alan DeKok wrote:
> John Dennis wrote:
>> The following are installed in either /bin or /usr/sbin but there are no
>> corresponding man pages. Every command installed needs to have a man page.
>>
>> dhcpclient
>> radattr
>
>
c.radiusd, it's use
is subsumed by initscript documentation for SysV, plus many systems
won't install it all. I only include it in the list for completeness.
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi guys
I had to also set the "*use_tunneled_reply=yes*" in the eap.conf to get
the Dynamic vlan assignment to work
On 12 July 2013 19:42, val john wrote:
> Hi guys ,
>
> Small question , do i need to import radius ldap schema ( items like
> radiusprofiles
> )
Hi guys ,
Small question , do i need to import radius ldap schema ( items like
radiusprofiles
) to our ldap server to get this VLAN assignment work
Thank You
john
On 12 July 2013 18:39, Arran Cudbard-Bell wrote:
>
> On 12 Jul 2013, at 13:57, val john wrote:
>
> > Hi guys ,
&
Tunnel-Private-Group-Id = "200",
Reply-Message = "You are Accepted"
DEFAULT Auth-Type := Reject
,Do i need any other configuration file to be edited to get VALN
assignment to work ..? or juts "users" file is enough
Please advice
Thank You
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
proceeds working file if the client not specifying any
outer identity)
Can you guys please advice , how to fix this issue
Thank You
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 06/24/2013 03:15 PM, Julian Macassey wrote:
> On 2013-06-24 at 14:32, John Dennis (jden...@redhat.com) wrote:
>> You need to configure radius to work with ldap, but you haven't done
>> that. You have to uncomment the ldap module from
>> /etc/raddb/sites-enabled/defaul
On 06/24/2013 02:01 PM, Julian Macassey wrote:
>> I don't follow what you're doing. Is your radius server on
>> 192.168.10.14, the same as your client?
>
> My radius server is: 192.168.10.16
>
> My ldap server is: 192.168.10.14
>
>> Because it looks like your
>> sending your access-
On 06/24/2013 12:18 PM, Julian Macassey wrote:
> I added in /etc/freeradius/clients.conf:
>
> client plumgrid-ldap1 {
> # # secret and password are mapped through the "secrets"
> # file.
> secret =
> shortname = ldap
> # # the following three fields are opt
e rlm_ldap module being configured in the output you
sent.
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 06/21/2013 04:34 PM, John Dennis wrote:
> On 06/21/2013 04:21 PM, Julian Macassey wrote:
>> I am tring to get freeradius working with ldap.
>>
>> The ldap server is on the same LAN as the RADIUS server.
>>
>> The local user test works.
>>
>> I have c
hat am I missing? It won't complain and it won't work.
>
You've failed to provide the complete debug output, something which is
stated as being required nearly every day on this list. This means we
can't see how you've configured things, all that is in the debug out
On 06/07/2013 10:46 AM, Bjarni Hardarson wrote:
> I am sure that the ntlm_auth file is at /usr/bin/ntlm_auth and if i run it
> manually with the expanded attributes i get the NT_KEY.
>
> root@freelab:/#/usr/bin/ntlm_auth --request-nt-key --username=vpntest
> --challenge=d9a8b4d1c188ae1b
> --nt-
ic difference that leads to a fair
amount of confusion (myself included), but after a while you get used to it.
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 06/02/2013 10:00 AM, a.l.m.bu...@lboro.ac.uk wrote:
Hi,
check the shared secret you have defined in clients.conf on the server.
check the shared secret you are using on the client
check the server debug logs etc to see WHAT IP the client is coming
through - if you are using a localhost addr
Elizabeth,
We have had mixed results with Ubuntu's default network manager from
12.04 until the current. Have you tried an alternative wireless manager
like WICD?
http://www.lawn.gatech.edu/help/gtwifi/ubuntu_troubleshooting.html
- John Douglass, Sr. Systems IT/Architect, Georgia Inst
ify by running radiusd under strace (hint: use -o to direct the
output to a file and then search for your CA_path) you should see the
directory being opened and files being read. If there are permission
problems you'll see error information in the strace output.
HTH,
John
--
John Denn
On 05/14/2013 12:01 PM, Mitch Yackobeck wrote:
Good morning John,
I appologize for making myself look like a moron. The original message
had actually been sent to someone who was helping me to potentially work
thru some issues that we were seeing and trying to work out. I
attempted to modify
On 05/13/2013 01:46 PM, Mitch Yackobeck wrote:
Good afternoon All,
I've taken some time over the last couple little while to work with my
test environment in getting it upto date and trying out some issues with
regards authenticating against multiple certificates on a single SSID
for the purpose
uke :-)
I assume you built from git, therefore you've got every piece of
information you need to figure this out. git log will give you exact
information.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.free
{_libdir}/freeradius/rlm_*.so*
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 05/07/2013 04:46 AM, Fajar A. Nugraha wrote:
On Tue, May 7, 2013 at 4:28 AM, John Dennis mailto:jden...@redhat.com>> wrote:
These project maintained build configurations are best thought of as
"bleeding edge developer stuff". Make some change and you want to
t
es in multiple repositories
and assuring they all stay in sync doesn't seem justified.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ed upstream and upstream fixed it. If they took the patch
verbatim then the error you'll see is something akin to "Previously
applied patch or reverse patch". If upstream fixed the issue in some
other way the patch simply won't apply. Figuring exactly which lines of
code changed and why is the work of a package maintainer. In this case
you're assuming that role and you'll have to do that work.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the mysql
connections break for some reason) I want a full restart of the service.
Just testing authentication doesn't give me a full radius stack picture.
- John Douglass
Georgia Institute of Technology
Sr. Systems Architect
On 05/06/2013 12:25 PM, Phil Mayers wrote:
On 06/05/2013 14:40, John
On 5/6/2013 9:24 AM, Phil Mayers wrote:
On 04/29/2013 11:03 PM, FreeRadius List wrote:
Thank you I'll check with the samba people and get a better
understanding of how ntlm_auth works.#
(Sorry for the late reply)
The short version here is: badly.
ntlm_auth talks to winbind. Winbind maintains
ing priority (-e) 0
file size (blocks, -f) unlimited
What am I doing wrong on this?
There is information in this bz you may find useful
https://bugzilla.redhat.com/show_bug.cgi?id=602567
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
x27;s such that only a select subset of users can see
them (e.g. radiusd, root).
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ubscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Matthew,
On 04/17/2013 05:53 PM, Matthew Newton wrote:
On Wed, Apr 17, 2013 at 05:04:11PM -0400, John Center wrote:
it correctly, it looks like one could have a "profiles" file with
individual named profiles defined containing NAS-specific text that
would be sent back to the NAS
Hi Alan,
On 04/17/2013 05:50 PM, Alan DeKok wrote:
John Center wrote:
I see this isn't
defined in the v2.2 FreeRADIUS internal dictionary, though there is a
gap in the numbering where it would be. If I understand it correctly,
it looks like one could have a "profiles" file
be used in a similar way?
Thanks.
-John
--
John Center
Villanova University
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eradius-users-bounces+john.giordano=ttmi...@lists.freeradius.org
[mailto:freeradius-users-bounces+john.giordano=ttmi...@lists.freeradius.org] On
Behalf Of John Giordano
Sent: Wednesday, April 17, 2013 1:47 PM
To: FreeRadius users mailing list
Subject: RE: Setting different IDLE-TIMEOUTS b
17, 2013 at 08:38:36PM +0100, Matthew Newton wrote:
> On Wed, Apr 17, 2013 at 12:32:32PM -0500, John Giordano wrote:
> > So in huntgroups I have:
> >
> > ### RADIUS HUNTGROUP TEST - jg ###
> >
> > MSP7345 NAS-IP-Address =~ /^10\.99\.3\./
> > SNJ7000 NA
rdano=ttmi...@lists.freeradius.org] On
Behalf Of John Giordano
Sent: Wednesday, April 17, 2013 11:02 AM
To: 'FreeRadius users mailing list'
Subject: RE: Setting different IDLE-TIMEOUTS based on IP Address
Ok... I feel as though I am trying to solve a riddle here.
I thought that may be the
Ok... I feel as though I am trying to solve a riddle here.
I thought that may be the case but!
I removed the IDLE-TIMEOUT entry from my user stanza and the NAS then rejected
me I think that was because no IDLE-TIMEOUT was being sent at all from the
server to the client
?!
-Origi
rg
[mailto:freeradius-users-bounces+john.giordano=ttmi...@lists.freeradius.org] On
Behalf Of Matthew Newton
Sent: Tuesday, April 16, 2013 1:47 PM
To: FreeRadius users mailing list
Subject: Re: Setting different IDLE-TIMEOUTS based on IP Address
Hi,
On Tue, Apr 16, 2013 at 02:05:45PM -0500, John
-IP-Address == 10.3.99.0/24
IDLE-TIMEOUT = 60
Thanks!
-jg
From: Alan Buxey [mailto:a.l.m.bu...@lboro.ac.uk]
Sent: Tuesday, April 16, 2013 10:45 AM
To: John Giordano; freeradius-users@lists.freeradius.org
Subject: Re: Setting different IDLE-TIMEOUTS based on IP Address
If your
Hi,
So I have done a fair amount of RTFM'ing and search engining but am stumped.
Perhaps someone on this list has successfully done what we are trying to do:
Have our FreeRADIUS Server assign a different IDLE-TIMEOUT Value based on what
IP Address is contacting the RADIUS server.
OS: CentOS 5.
Thanks. Alan
--- 13年4月12日,周五, Alan DeKok 写道:
发件人: Alan DeKok
主题: Re: Freeradius +LDAP + Samba integrates to Active Derectory
收件人: "FreeRadius users mailing list"
日期: 2013年4月12日,周五,下午9:48
John wrote:
> We deploy freeradius integrated to Active Directory, but the AD enabl
one show me some
reference or guide?
Thanks,
John<>-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
k of a rpm spec file as a "recipe" for building. If you're not sure
what ingredients you need then consult the recipe.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 04/10/2013 12:03 AM, pramod kulkarni wrote:
Thanks John for the reply.
can I use EAP-TLS method of authentication with LDAP as backend
datastore to check usernames and passwords.
> It would be like I bind to RADIUS server with EAP-TLS method using
> certificate and
a port is
completely independent of whether the port is blocked, you have to check
both.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ld 1.1.7 version of rlm_ldap and it only supported GSSAPI.
HTH,
John
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: FreeRadius users mailing list
Subject: Re: New/updated dictionary files for Meru and Trapeze
On 28 Mar 2013, at 10:35, John Carter wrote:
> Hi,
>
> Please find attached a brand-new Meru dictionary file and an updated
Trapeze dictionary file (updated based on 2.2.0).
>
> Do
Hi,
Please find attached a brand-new Meru dictionary file and an updated Trapeze
dictionary file (updated based on 2.2.0).
Do you want diffs?
Regards,
John.
dictionary.trapeze
Description: Binary data
dictionary.meru
Description: Binary data
-
List info/subscribe
.
This is exactly what we wanted, and it didn't break EAP.
I also checked the other formats that we wanted to allow, and they all
worked fine too. I'll do further testing tomorrow, but it looks good.
John.
--
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287Fax:
On Tue, 2013-03-26 at 15:35 +, Phil Mayers wrote:
> On 26/03/2013 15:12, John Horne wrote:
> >> What is the upstream proxy?
> >>
> > Microsoft domain controller (DC).
>
> As in, Microsoft NPS running on a DC?
>
As far as I know, yes. I don't deal wi
On Tue, 2013-03-26 at 14:13 +, Phil Mayers wrote:
> On 26/03/2013 12:50, John Horne wrote:
> > Hello,
> >
> > Using Freeradius 2.1.10 I have been trying to see if I can proxy a
> > request to a remote server but using a different User-Name attribute
> > based
bit seems to be working, but the realm is not being
stripped from the username.
The proxy.conf file simply has:
=
realm NULL {
auth_pool = local_proxies
}
=====
So the realm should be stripped from the username.
Anyone any ideas about this?
Thanks,
John.
--
John
is a recommended configuration.
Until you have these concepts firmly under your grasp you'll likely be
frustrated trying to modify the configuration.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradiu
ld get this into the git
repo before 2.2.1 goes out the door. I think the fix is fairly minor.
Since this just came up about 5 minutes ago I don't have all the details
at hand or a patch yet, but I'll do that soon.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveout
Hi,
I found freeRADIUS support eap-fast. Can I use eap-fast in eap2, meanwhile use
other eap types in eap? Does EAP fragmentation issue fixed in eap2?
Best,
-John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
3F8165' AS
USERNAME,'Auth-Type' AS Attribute,
AAA_GETVALUETOCHECKWITRIBE('001AAD3F8165') AS Value,':=' AS op FROM
dual ORDER BY RC_ID
[sql] User found in radcheck table
Found Auth-Type = Accept
Found Auth-Type = EAP
Warning: Found 2 auth-types on re
r messages. It
says "no response from server (timed out)" over and over. Clearly this
has nothing to do with Radius and is a networking problem. Fix your
network. (Hint: the firewall on one of your boxes is blocking port 1812,
probably the box with your Radius server).
--
John Denni
ote is can
be very useful for setting up your .git/config so you don't have to deal
with verbose syntax.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
they used to. Running rpm freeradius -qV
before installing will verify the installed files and tell you any
you've modified. If you install via "make install" nothing will be
preserved.
Any other data stored in your backends (e.g. SQL, LDAP) shouldn't be
affected and you'r
mine it is too slow.
I have changed 'max_requests' in radiusd.config. And also remove
unnecessary processing on radius server (that is proxying requests). Now
tell me what else can I do?? :(
For starters try reading Alan's response he so graciously provided to you.
--
John Denn
the error
about incomplete data my best guess is the client files might have be
corrupted when the ca command failed. If it were only a CA key change
issue you should have just gotten a bad signature verification failure.
HTH,
John
--
John Dennis
Looking to carve out IT costs?
www.
On 01/23/2013 12:24 PM, John Dennis wrote:
On 01/23/2013 04:32 AM, Armin Maier wrote:
Hello!
I have been using Windows 7, Freeradius 2.1.10 from Debian Squeeze, HP
MSM710 WLAN controller and EAP_TLS Computer Certificate Authentication
for a log time and worked perfect. I used Certificates
used to sign it it's of no value to me so as long as it's not a
public CA it's a safe thing to do)
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
arch failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns notfound
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
your ldap server to perform lookup's related to users and groups thus
the identity you bind as will need permission to view that portion of
the ldap tree.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 01/08/2013 03:53 PM, Ajay Garg wrote:
On Tue, Jan 8, 2013 at 6:45 PM, John Dennis mailto:jden...@redhat.com>> wrote:
On 01/08/2013 05:10 AM, Ajay Garg wrote:
Could you please specify the order of scripts to be run, so that
proper
certificates may be gen
hat the client needs. Now you're
going to have to put that information to use. You really do have to
invest the energy into learning how the pieces fit together.
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http:
On 01/07/2013 03:32 PM, Ajay Garg wrote:
John,
I am confused.
I will be grateful if you could specify the sequence of commands to be
run after "make destroycerts".
Note that ::
a)
Running JUST "make client" generates "client.pem" and "ca.pem", but
work.
Make sure you understand the RELATIONSHIP BETWEEN A CERTIFICATE AND IT'S
SIGNER (issuing CA) and how that translates to the configuration
parameters for each software component (see above).
--
John Dennis
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1 - 100 of 1217 matches
Mail list logo