Hello, I am having trouble testing if the certificates created are actually working. I am using JRadiusSimulator to test if the certificates work. I can get an access-accept when I input the correct the correct user name and password and the Radius server IP address and password. There is also a Keys tab on the JRadiusSimulator to input the client certificate and root certificate. When I put the wrong or right path and password for the certificates I still get an access-accept from the debugger. My question is how do I test the certificates created with RADIUS. Thank you
On Sep 30, 2015, at 12:56 PM, Lightfoot, Maurice P. <m.p.lightfoot@spartans.nsu.edu> wrote:
I am having trouble testing if the certificates created are actually working.
What does that mean?
There is also a Keys tab on the JRadiusSimulator to input the client certificate and root certificate. When I put the wrong or right path and password for the certificates I still get an access-accept from the debugger.
I have no idea what that means. Perhaps you could run the server in debugging mode as suggested in the FAQ, "man" page, web pages, and daily on this list.
My question is how do I test the certificates created with RADIUS.
http://deployingradius.com/ There are detailed instructions. Alan DeKok.
I am having trouble testing if the certificates created are actually working.
- What does that mean? I have installed and configured the freeradius server v3 on a centOS 7, using the beginners guide. On the same machine I have created users and a client. I read Chapter 6.4.1 of the, "The FreeRADIUS Implementation Guide" on Certificate Creation. I created a Root Certificate, a Server Certificate, and a Client Certificate. I was trying to test if the certificate worked properly. So I installed JRadiusSimulator to test if the certificate; thus leading me to the below issue:
There is also a Keys tab on the JRadiusSimulator to input the client certificate and root certificate. When I put the wrong or right path and password for the certificates I still get an access-accept from the debugger.
- I have no idea what that means. -Perhaps you could run the server in debugging mode as suggested in the FAQ, "man" page, web pages, and daily on this list. The GUI for the JRadiusSimulator has a tab to input the path of the certificates created. I was under the assumption that if I were to put in the wrong path of the certificate, the debugger would send an access-reject. However the debugger still gave an output of access-accept.
My question is how do I test the certificates created with RADIUS.
-http://deployingradius.com/ May be a dumb question but do I need to do EAP Authentication? My professor just wanted me to set up a freeradius server and try to test on the same machine, if you could create a new certificate and delete the default certificate. Then test that the newly created certificates to see if they work. Thank you for all your help, Maurice ________________________________________ From: Freeradius-Users <freeradius-users-bounces+m.p.lightfoot=spartans.nsu.edu@lists.freeradius.org> on behalf of Alan DeKok <aland@deployingradius.com> Sent: Wednesday, September 30, 2015 1:54 PM To: FreeRadius users mailing list Subject: Re: Testing Certificates On Sep 30, 2015, at 12:56 PM, Lightfoot, Maurice P. <m.p.lightfoot@spartans.nsu.edu> wrote:
I am having trouble testing if the certificates created are actually working.
What does that mean?
There is also a Keys tab on the JRadiusSimulator to input the client certificate and root certificate. When I put the wrong or right path and password for the certificates I still get an access-accept from the debugger.
I have no idea what that means. Perhaps you could run the server in debugging mode as suggested in the FAQ, "man" page, web pages, and daily on this list.
My question is how do I test the certificates created with RADIUS.
http://deployingradius.com/ There are detailed instructions. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 30, 2015, at 2:54 PM, Lightfoot, Maurice P. <m.p.lightfoot@spartans.nsu.edu> wrote:
I have installed and configured the freeradius server v3 on a centOS 7, using the beginners guide. On the same machine I have created users and a client. I read Chapter 6.4.1 of the, "The FreeRADIUS Implementation Guide" on Certificate Creation. I created a Root Certificate, a Server Certificate, and a Client Certificate. I was trying to test if the certificate worked properly. So I installed JRadiusSimulator to test if the certificate; thus leading me to the below issue:
The page I pointed you to has explicit instructions for doing these kinds of tests, including how to run a test client. I have no idea how jradiussimulator works.
-Perhaps you could run the server in debugging mode as suggested in the FAQ, "man" page, web pages, and daily on this list.
The GUI for the JRadiusSimulator has a tab to input the path of the certificates created. I was under the assumption that if I were to put in the wrong path of the certificate, the debugger would send an access-reject. However the debugger still gave an output of access-accept.
So... you're not going to actually look at the debug output. If you had looked at it, you would see WHY it's sending an Access-Accept. If you're going to ignore my recommendations, you shouldn't be asking questions.
My question is how do I test the certificates created with RADIUS.
May be a dumb question but do I need to do EAP Authentication?
Yes, that is a bad question. If you're trying to use certificates for authentication with RADIUS, that means EAP. Every single page you read about the subject will say this.
My professor just wanted me to set up a freeradius server and try to test on the same machine, if you could create a new certificate and delete the default certificate. Then test that the newly created certificates to see if they work.
Follow the instructions on the web page I pointed you to. It WILL work. If you're not going to follow instructions, then there's no need for you to ask questions here. Alan DeKok.
On Wed, Sep 30, 2015 at 06:54:52PM +0000, Lightfoot, Maurice P. wrote:
May be a dumb question but do I need to do EAP Authentication?
To use certificates, yes.
My professor just wanted me to set up a freeradius server and try to test on the same machine, if you could create a new certificate and delete the default certificate. Then test that the newly created certificates to see if they work.
There are example configs for eapol_test with the server that you may find useful. That's the usual way to test EAP auth. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
participants (3)
-
Alan DeKok -
Lightfoot, Maurice P. -
Matthew Newton