Recent changes

Peter Nixon listuser at peternixon.net
Tue Apr 24 21:53:28 CEST 2007


On Tue 24 Apr 2007, Alan DeKok wrote:
>   I finally got around to updating the horrible OpenSSL certificate
> handling in the server.  You can now do:
>
> $ cd /etc/raddb/certs
> $ make
>
>   and you'll get sane certificates.
>
>   Don't like the values for commonName, Country, etc?
>
> $ cd /etc/raddb/certs
> $ make distclean
> $ vi server.cnf
> $ make server.pem
>
>   Much, much better.  There's even a README that's readable.  And
> instructions for creating client certificates for EAP-TLS.
>
>   So far as I can tell, it works.
>
>   Also, Peter will be happy to know that you can now do:

VERY happy! Thanks :-)

-snip-

>   There's also a Post-Proxy-Type Fail.  It gets run when the server
> discovers that there are no live home servers for a request.  This
> happens in the child thread when it's proxying, if all are dead.  If the
> main thread receives a retransmit, and notices that all of the home
> servers are dead, it runs the request through Post-Proxy-Type Fail....
> in a child thread.

I assume that this can be used to write an accounting detail file (to be sent 
later with radrelay) only when proxying fails... Cool stuff!!

Cheers
-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



More information about the Freeradius-Devel mailing list