cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Francesco Malvezzi <francesco.malvezzi AT unimore.it>
- To: A.L.M.Buxey AT lboro.ac.uk
- Cc: cat-users AT geant.net
- Subject: Re: [cat-users] dynamic tests failed
- Date: Mon, 09 Mar 2015 16:45:56 +0100
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
- Unimore-x-sa-score: -1.2
On 09/03/15 16:25, A.L.M.Buxey AT lboro.ac.uk wrote:
> Hi,
>
>> So there is something very wrong in the way I configured cat that
>> explodes in the Live login test, but hides a bit in the STATIC
>> connectivity tests.
>>
>> Connection to eduroam from cat-less clients works.
>
>
> both of those 2 scream out 'incorrect profile' - a CAT-less client would not
> be configured to verify the cert etc - so check your profile to see what you
> are asserting for the cert - ensure you have all intermediates present and
> ensure you are defining the correct CommonName for the cert. looks like
> "eduradius.dmz-ext.unimo.it" from a quick remote check.
> (also ensure that you have chosen your supported methods via the
> drag-and-drop profile creator for PEAP and EAP-TTLS)

thank you for your really clear thoughts.

I don't think it is a certificate issue, because I can read the
access-request log line on my FreeRADIUS. I think the connection would
be dropped way before, if certs were untrusted.

Mon Mar 9 16:38:33 2015
	Packet-Type = Access-Request
	User-Name = "a_test_account AT unimore.it"
	NAS-IP-Address = 127.0.0.1
	Calling-Station-Id = "22-44-66-CA-20-01"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "rad_eap_test + eapol_test"
	EAP-Message = 0x0207000d150015030100020230
	State = 0x8749efda814efa8d74d20a5f2ff7c664
	Message-Authenticator = 0xa729c1d2ffc44714271dd02ae3bd3dc6
	Vendor-9048-Attr-0 = 0x50726f786965642d42793d65746c72312e656475726f616d2e6f72672d31343235383836323033
	Vendor-9048-Attr-0 = 0x50726f786965642d42793d72616469756d2e737572666e65742e6e6c2d31343235383836323033
	Vendor-25178-Attr-10 = 0x554e4b4e4f574e

The problem with this access-request is it doesn't trigger the ldap
search to fetch the NT passwd.

By the way: is NAS-IP-Address = 127.0.0.1 expected? Other (true)
access-requests don't arrive from localhost.

thank you,
Francesco
--
Servizio gestione identità
Via Campi, 213/b
41125 Modena
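
The hex attributes in the Access-Request quoted above can be decoded offline to see what the test client actually sent. This is an added example, not part of the original message; the function names are illustrative, and it assumes the whole EAP packet fits in the single EAP-Message attribute shown.

```python
import struct

# Hex values copied from the Access-Request in the message above.
EAP_MESSAGE = "0207000d150015030100020230"
TEXT_ATTRS = [
    "50726f786965642d42793d65746c72312e656475726f616d2e6f72672d31343235383836323033",
    "50726f786965642d42793d72616469756d2e737572666e65742e6e6c2d31343235383836323033",
    "554e4b4e4f574e",
]
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
               23: "application_data"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
              45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

def decode_text(hex_value):
    """Render the octets of an unrecognised vendor attribute as ASCII."""
    return bytes.fromhex(hex_value).decode("ascii")

def decode_eap(hex_value):
    """Parse one EAP packet and any plaintext TLS records it carries."""
    raw = bytes.fromhex(hex_value)
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field does not match attribute length")
    out = {"code": EAP_CODES.get(code, code), "id": ident}
    if code not in (1, 2) or length < 6:
        return out
    out["type"] = EAP_TYPES.get(raw[4], raw[4])
    if raw[4] not in (13, 21, 25):      # only the TLS-based methods carry records
        return out
    pos = 10 if raw[5] & 0x80 else 6    # L flag: 4-byte TLS message length follows
    out["records"] = []
    while pos + 5 <= len(raw):
        ctype, major, minor, rlen = struct.unpack("!BBBH", raw[pos:pos + 5])
        body = raw[pos + 5:pos + 5 + rlen]
        rec = {"content": TLS_CONTENT.get(ctype, ctype), "version": (major, minor)}
        if ctype == 21 and len(body) == 2:   # unencrypted alert: level, description
            rec["level"] = ALERT_LEVEL.get(body[0], body[0])
            rec["description"] = ALERT_DESC.get(body[1], body[1])
        out["records"].append(rec)
        pos += 5 + rlen
    return out

if __name__ == "__main__":
    print(decode_eap(EAP_MESSAGE))
    for attr in TEXT_ATTRS:
        print(decode_text(attr))
```

For the logged packet this yields an EAP-TTLS Response (id 7) carrying a single TLS 1.0 alert record with level fatal and description unknown_ca; the two Vendor-9048 values decode to Proxied-By strings naming etlr1.eduroam.org and radium.surfnet.nl.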