
cat-users - Re: [[cat-users]] Live login tests

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Paetow <Stefan.Paetow AT jisc.ac.uk>
  • To: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] Live login tests
  • Date: Mon, 30 Aug 2021 13:22:53 +0000

This sounds like a FreeRADIUS issue... maybe it’s file permissions (i.e. that root has access, but the radiusd user does not)?

 

Try to run the server as user radiusd (or on Debian, freerad). It’ll likely show any errors then since FreeRADIUS drops permissions.

 

Also, for FreeRADIUS issues, subscribe to the FreeRADIUS mailing lists at https://freeradius.org/support/

 

Stefan Paetow
Federated Roaming Technical Specialist


t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp AT jabber.dev.ja.net
skype: stefan.paetow.janet


 

 

From: <cat-users-request AT lists.geant.org> on behalf of Johann Hugo <jhugo AT sanren.ac.za>
Reply to: Johann Hugo <jhugo AT sanren.ac.za>
Date: Friday, 27 August 2021 at 09:30
To: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
Subject: [[cat-users]] Live login tests

 

Hi

 

I have a problem with live login tests to my IdP in South Africa. I'm using freeradius-server:3.0.19 with Google LDAP in the back end.

 

Live logins work fine while freeradius runs in debug mode

 

Testing from: eduroamTL dk

TTLS-PAP – elapsed time: 4977 ms.

Connected to radius.sanren.ac.za.

Test successful.

 

Server certificate details:

Subject:

emailAddress=radius AT sanren.ac.za,CN=radius.sanren.ac.za,O=CSIR,ST=Gauteng,C=ZA

Issuer:

CN=radius.sanren.ac.za,emailAddress=radius AT sanren.ac.za,O=CSIR,L=Pretoria,ST=Gauteng,C=ZA

Valid from:

Wednesday, 25-Aug-2021 13:15:47 GMT

Valid to:

Tuesday, 28-Nov-2023 13:15:47 GMT

Serial number:

1 (0x1)

SHA1 fingerprint:

48cafdbb59068a72dfe743320e8f23cace948771

Extensions

extendedKeyUsage: TLS Web Server Authentication
crlDistributionPoints: Full Name: URI:http://www.sanren.ac.za/radius_ca.crl
certificatePolicies: Policy: 1.3.6.1.4.1.40808.1.3.2
basicConstraints: CA:FALSE
subjectAltName: DNS:radius.sanren.ac.za, othername:

 

but when I run freeradius without the -X, then live login tests from cat.eduroam.org fail. Local authentications + live login tests from our local federated monitoring system work fine.

 

CAT error message:

TTLS-PAP – elapsed time: 4524 ms.

Connected to radius.sanren.ac.za.

Test FAILED: the request was rejected. The most likely cause is that you have misspelt the Username and/or the Password.

 

Server certificate details:

Subject:

emailAddress=radius AT sanren.ac.za,CN=radius.sanren.ac.za,O=CSIR,ST=Gauteng,C=ZA

Issuer:

CN=radius.sanren.ac.za,emailAddress=radius AT sanren.ac.za,O=CSIR,L=Pretoria,ST=Gauteng,C=ZA

Valid from:

Wednesday, 25-Aug-2021 13:15:47 GMT

Valid to:

Tuesday, 28-Nov-2023 13:15:47 GMT

Serial number:

1 (0x1)

SHA1 fingerprint:

48cafdbb59068a72dfe743320e8f23cace948771

Extensions

extendedKeyUsage: TLS Web Server Authentication
crlDistributionPoints: Full Name: URI:http://www.sanren.ac.za/radius_ca.crl
certificatePolicies: Policy: 1.3.6.1.4.1.40808.1.3.2
basicConstraints: CA:FALSE
subjectAltName: DNS:radius.sanren.ac.za, othername:

Any ideas where to search for this problem?

 

Regards

Johann
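The file-permission hypothesis in the reply at the top of this thread (root has access, the radiusd user does not) can be checked without restarting the server. The following is an added example, not part of either message and not FreeRADIUS code: it walks a configuration tree and lists every file or directory that a given account cannot read or traverse, judged from owner/group/other mode bits only. The script name and the `/etc/raddb` path in the comment are assumptions; substitute the service account (radiusd, or freerad on Debian) and your own configuration directory.

```python
import os
import stat
from pathlib import Path


def can_access(st, uid, gids, is_dir):
    """Owner/group/other check on one stat result (POSIX ACLs are ignored)."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        r, x = st.st_mode & stat.S_IRUSR, st.st_mode & stat.S_IXUSR
    elif st.st_gid in gids:
        r, x = st.st_mode & stat.S_IRGRP, st.st_mode & stat.S_IXGRP
    else:
        r, x = st.st_mode & stat.S_IROTH, st.st_mode & stat.S_IXOTH
    # Directories need read (list) and execute (traverse); files need read.
    return bool(r and x) if is_dir else bool(r)


def unreadable_for(root, uid, gids):
    """Return paths under root that the given uid/gids cannot read or enter."""
    blocked = []

    def walk(path):
        try:
            st = os.stat(path)  # follows symlinks such as mods-enabled/*
        except OSError:
            blocked.append(str(path))  # dangling link or unreachable target
            return
        is_dir = stat.S_ISDIR(st.st_mode)
        if not can_access(st, uid, gids, is_dir):
            blocked.append(str(path))
            return  # nothing below a blocked directory is reachable
        if is_dir:
            for child in sorted(Path(path).iterdir()):
                walk(child)

    walk(Path(root))
    return blocked


if __name__ == "__main__":
    import pwd
    import sys
    # Run as root, e.g.: python3 check_perms.py radiusd /etc/raddb  (path is an assumption)
    user, root = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = set(os.getgrouplist(user, pw.pw_gid))
    for p in unreadable_for(root, pw.pw_uid, groups):
        print(f"{user} cannot access: {p}")
```

Directories above the chosen root are not checked, so start the walk high enough to cover the whole path to the certificates and module configuration.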

 

 
