Failed Logins
King, Michael
MKing at bridgew.edu
Wed Sep 6 16:35:59 CEST 2006
How can I get you more information?
It seems to take about 12 hours to happen.
I did have this in the message log about 1 hour before hand, but I think
it's unrelated
Sep 6 09:09:19 radius1 kernel: audit(1157548159.246:31): avc: denied
{ search } for pid=2699 comm="winbindd" name="lib" dev=dm-0 ino=589826
scontext=user
_u:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir
Sep 6 09:09:19 radius1 kernel: audit(1157548159.246:32): avc: denied
{ getattr } for pid=2699 comm="winbindd" name="samba" dev=dm-0
ino=589961 scontext=u
ser_u:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir
I've had this happen on two different boxes, on two different
distributions. The Certs I'm using are from two different Paid CA's.
(One is Geotrust, the other is IPSCA)
Neither server has had a cert before.
So...
Should all the machines be named the same, and have the same cert?
(This is what the last email has let me to, but I wouldn't think this is
the way you would setup Radius)
> -----Original Message-----
> From:
> freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.or
> g
> [mailto:freeradius-users-bounces+mking=bridgew.edu at lists.freer
> adius.org] On Behalf Of Alan DeKok
> Sent: Tuesday, September 05, 2006 3:52 PM
> To: FreeRadius users mailing list
> Subject: Re: Failed Logins
>
> "King, Michael" <MKing at bridgew.edu> wrote:
> > 24 hrs later, Different radius server. (on a different box,
> this one
> > is
> > RedHat) FreeRadius 1.1.3
> > Same problem, throwing the same Error.
>
> This may be related:
>
> https://www.aet.tu-cottbus.de/pipermail/postfix_tls/2002/000353.html
>
> ...
> It ends up that my IMAP server and postfix were using two
> different self-signed certs that had identical common names.
> As soon as I began to use the same cert for both servers, the
> mozilla/netscape problem went away.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list