On Mon, Jun 9, 2014 at 3:27 PM, Enrique Sainz Baixauli <enriquesainz.beca@intef.educacion.es> wrote:
If you upgrade to v3.0.x HEAD it can be made even simpler.
Well, thanks, but that's way too bleeding edge for this purpose :). Remember I was supposed to stick to stable software - ie v2.x.x Anyway, If I have time I will test it just to let you know. When is that feature expected to be released? I guess it's not 3.0.4, since it's already RC...
No, it'll be 3.0.4 it's in 3.0.4rc1.
-Arran
Ok, then I'll try it when 3.0.4 is ready :)
In the meantime, I am trying to configure EAP-TLS for a more secure authentication based on client certificates. I generated a CA certificate and used it to sign server and client certificates, which I installed where I needed. However, trying to associate a W7 machine to the AP resulted in freeradius segfaulting:
(5) # executing section post-auth from file /etc/freeradius/sites-enabled/default (5) cache: [... creating cache entry ...] (5) [cache] = updated (5) foreach &control:LDAP-Group (5) update reply { Segmentation fault
In update reply {} there is only one line of code:
&Ruckus-User-Groups += "%{Foreach-Variable-0}"
And the call to the cache module was the only previous uncommented line in post-auth. So I'm quite clueless about where the segfault comes from, since that same line worked perfectly with MSCHAPv2 inside of PEAP... If you need any more debug output feel free to ask :)
I'm guessing you'd need to follow http://wiki.freeradius.org/project/bug-reports#Crashes-(Segmentation-violati......) or http://lists.freeradius.org/pipermail/freeradius-devel/2014-January/009084.h... -- Fajar