Skip to Content.

cat-users - [[cat-users]] Live login tests

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


[[cat-users]] Live login tests


Chronological Thread 
    < Chronological >      < Thread >
  • From: Johann Hugo <jhugo AT sanren.ac.za>
  • To: cat-users AT lists.geant.org
  • Subject: [[cat-users]] Live login tests
  • Date: Fri, 27 Aug 2021 10:29:41 +0200
Hi

I have a problem with live login tests to my idp in South Africa. I'm using freeradius-server:3.0.19 with Google ldap in the back end. 

Live login's work fine while freeradius runs in debug mode

Testing from: eduroamTL dk
TTLS-PAP – elapsed time: 4977 ms.
Connected to radius.sanren.ac.za.

Test successful.

 

Server certificate details:

Subject:
emailAddress=radius AT sanren.ac.za,CN=radius.sanren.ac.za,O=CSIR,ST=Gauteng,C=ZA
Issuer:
CN=radius.sanren.ac.za,emailAddress=radius AT sanren.ac.za,O=CSIR,L=Pretoria,ST=Gauteng,C=ZA
Valid from:
Wednesday, 25-Aug-2021 13:15:47 GMT
Valid to:
Tuesday, 28-Nov-2023 13:15:47 GMT
Serial number:
1 (0x1)
SHA1 fingerprint:
48cafdbb59068a72dfe743320e8f23cace948771
Extensions
extendedKeyUsage: TLS Web Server Authentication
crlDistributionPoints: Full Name: URI:http://www.sanren.ac.za/radius_ca.crl
certificatePolicies: Policy: 1.3.6.1.4.1.40808.1.3.2
basicConstraints: CA:FALSE
subjectAltName: DNS:radius.sanren.ac.za, othername:

but when I run freeradius without the -X, then live login tests from cat.eduroam.org fails. Local authentications + live login tests from our local federated monitoring system works fine. 

CAT error message:
TTLS-PAP – elapsed time: 4524 ms.
Connected to radius.sanren.ac.za.

Test FAILED: the request was rejected. The most likely cause is that you have misspelt the Username and/or the Password.

 

Server certificate details:

Subject:
emailAddress=radius AT sanren.ac.za,CN=radius.sanren.ac.za,O=CSIR,ST=Gauteng,C=ZA
Issuer:
CN=radius.sanren.ac.za,emailAddress=radius AT sanren.ac.za,O=CSIR,L=Pretoria,ST=Gauteng,C=ZA
Valid from:
Wednesday, 25-Aug-2021 13:15:47 GMT
Valid to:
Tuesday, 28-Nov-2023 13:15:47 GMT
Serial number:
1 (0x1)
SHA1 fingerprint:
48cafdbb59068a72dfe743320e8f23cace948771
Extensions
extendedKeyUsage: TLS Web Server Authentication
crlDistributionPoints: Full Name: URI:http://www.sanren.ac.za/radius_ca.crl
certificatePolicies: Policy: 1.3.6.1.4.1.40808.1.3.2
basicConstraints: CA:FALSE
subjectAltName: DNS:radius.sanren.ac.za, othername:
Any ideas where to search for this problem ?

Regards
Johann



Archive powered by MHonArc 2.6.19.

Top of Page