
cat-users - Re: [cat-users] dynamic tests failed

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Francesco Malvezzi <francesco.malvezzi AT unimore.it>
  • To: A.L.M.Buxey AT lboro.ac.uk
  • Cc: cat-users AT geant.net
  • Subject: Re: [cat-users] dynamic tests failed
  • Date: Tue, 10 Mar 2015 10:28:03 +0100
  • List-archive: <http://mail.geant.net/pipermail/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
  • Unimore-x-sa-score: -1.2

On 09/03/15 17:05, A.L.M.Buxey AT lboro.ac.uk wrote:
> Hi,
>
>> I don't think it is a certificate issue, because I can read the
>> access-request log line on my FreeRADIUS. I think the connection would
>> be dropped way before, if certs were untrusted.
>
> a lot of stuff is done before the server hands the client its certificate
> (for the client to then check, trust and carry on with the conversation).
>
>> The problem with this access-request is it doesn't trigger the ldap
>> search to fetch the NT passwd.
>
> why should it? you will only be checking the NT password in the
> inner-tunnel...and to get to the inner-tunnel the client and server have
> to have created their TLS session
>
>> By the way: is NAS-IP-Address = 127.0.0.1 expected? Other (true)
>> access-requests don't arrive from localhost.
>
> it's the NAS...so if from command line and eapol_test, yes, it can be
> changed via eapol_test command line (-A)

First of all, thank you for this very clear explanation. Now I get it
better.
It was all a mistake of mine: while an intermediate certificate was
uploaded twice, another one was missing.
Again, thank you for the time you spend debugging my mistakes,

Francesco
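
The failure mode reported in this message (one intermediate certificate present twice, another absent) can be caught by checking a PEM bundle for duplicates and for certificates whose issuer is not in the bundle. The following is an added example, not part of the original message or of CAT; it matches issuer and subject names byte for byte and does not verify signatures, and the sample certificates and the name `radius.example.org` are constructed for illustration.

```python
import base64, hashlib, re

def _tlv(buf, pos):                          # one DER element: (tag, value_start, end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    pos = _tlv(der, _tlv(der, 0)[1])[1]      # step into Certificate, then tbsCertificate
    fields = []
    while len(fields) < 5:                   # serial, sigAlg, issuer, validity, subject
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:                      # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def audit_bundle(pem_text):
    """Return (indexes of duplicate certs, indexes of certs whose issuer is absent)."""
    ders = [base64.b64decode(b) for b in re.findall(
        r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)]
    names = [issuer_subject(d) for d in ders]
    subjects = {subject for _, subject in names}
    seen, duplicates, orphans = set(), [], []
    for i, (der, (issuer, subject)) in enumerate(zip(ders, names)):
        if hashlib.sha256(der).digest() in seen:
            duplicates.append(i)
        elif issuer != subject and issuer not in subjects:
            orphans.append(i)                # not self-signed and issuer not supplied
        seen.add(hashlib.sha256(der).digest())
    return duplicates, orphans

def _der(tag, *parts):                       # sample-data helper, short lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def fake_cert(serial, issuer, subject):
    """Constructed skeleton with only the fields read above; no key, no signature."""
    name = lambda cn: _der(0x30, _der(0x0C, cn.encode()))
    tbs = _der(0x30, _der(0x02, bytes([serial])), _der(0x30), name(issuer), _der(0x30), name(subject))
    body = base64.encodebytes(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

ROOT, INT_A = fake_cert(1, "Root", "Root"), fake_cert(2, "Root", "Intermediate A")
INT_B = fake_cert(3, "Intermediate A", "Intermediate B")
SERVER = fake_cert(4, "Intermediate B", "radius.example.org")
BROKEN = SERVER + INT_A + INT_A + ROOT       # one intermediate twice, another missing
```

For the constructed `BROKEN` bundle, `audit_bundle` reports index 2 as a duplicate and index 0 (the server certificate) as having no issuer in the bundle.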




