cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [cat-users] dynamic tests failed

From: A.L.M.Buxey AT lboro.ac.uk
To: Francesco Malvezzi <francesco.malvezzi AT unimore.it>
Cc: cat-users AT geant.net
Subject: Re: [cat-users] dynamic tests failed
Date: Mon, 9 Mar 2015 16:05:38 +0000
List-archive: <http://mail.geant.net/pipermail/cat-users/>
List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hi,

> I don't think it a certificate issue, because I can read the
> access-request log line on my FreeRADIUS. I think the connection would
> be dropped way before, if certs were untrusted.

a lot of stuff is done before the server hands the client its certificate (for
the client to then check, trust and carry on with the conversation).

> The problem with this access-request is it doesn't trigger the ldap
> search to fetch the NT passwd.

why should it? you will only be checking the NT password in the
inner-tunnel...and
to get to the inner-tunnel the client and server have to have created their
TLS session

> By the way: is NAS-IP-Address = 127.0.0.1 expected? Other (true
> access-requests don't arrive from localhost).

its the NAS...so if from command line and eapol_test, yes, it can be changed
via eapol_test
command line (-A)

alan

[cat-users] dynamic tests failed, Francesco Malvezzi, 03/05/2015
- Re: [cat-users] dynamic tests failed, Tomasz Wolniewicz, 03/05/2015
  - Re: [cat-users] dynamic tests failed, Francesco Malvezzi, 03/09/2015
- Re: [cat-users] dynamic tests failed, A . L . M . Buxey, 03/09/2015
  - Re: [cat-users] dynamic tests failed, Francesco Malvezzi, 03/09/2015
    - Re: [cat-users] dynamic tests failed, A . L . M . Buxey, 03/09/2015
      - Re: [cat-users] dynamic tests failed, Francesco Malvezzi, 03/10/2015