Machine auth fails but user auth works

[Dennis Xu]

Hello Alan/Arran,

Just started to work on this again today. I put the server cert and all intermediate CAs into the same file and changed the /mods-available/eap file as below:
certificate_file = ${certdir}/all_certs.pem
ca_file = ${cadir}/all_certs.pem

Machine auth still failed but with different outputs. I don't see the "tlsv1 alert unknown ca" errors anymore. 

Would you please check the debug outputs again and advise?

Thanks. 

Dennis

----- Original Message -----
From: "Arran Cudbard-Bell" <a.cudbardb at freeradius.org>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Saturday, December 5, 2015 12:30:28 PM
Subject: Re: Machine auth fails but user auth works


> On 5 Dec 2015, at 12:27, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Dec 5, 2015, at 11:28 AM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>> 
>> Ok, added to v3.1.x Matthew (not Alan D...)!
> 
>  "git push" ?

Pushed yesterday: ff5abe3031256040f07ea73eb2478ddbfbe71d96

>> I'm against back porting to v3.0.x because it's potentially a breaking change.
> 
>  I'm adding a warning.  Let's hope people read it.

Ok.

>> If people have multiple values in their config and are relying on the fact that only the first one is processed and the later ones ignored (as we were in a few of the test server configs),  it'd break that.
> 
>  That should be fixed...

It's where we set something like logdir, then included radiusd.conf.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FR Machine Auth with all certs in one file.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151208/b44888ae/attachment.txt>