curious network problem

Antony King antony.king at solutiontrax.com
Tue Aug 17 11:17:26 CEST 2010


On Wednesday 11 August 2010 01:38:22 Alan DeKok wrote:
> Antony King wrote:
> > The 'live' server is a centos5.5 box. I've tried with the standard
> > freeradius2 package (version 2.1.7) and a version compiled from SRPMS in
> > case there was a problem with ttls in that version. The configuration
> > was copied over from the test server, with new keys generated but
> > otherwise unchanged.
> 
>   Were the certs re-generated?  They depend on the keys.

I did 'make destroycerts', then 'make' in the certs directory. It should all 
be new in there.

> 
> > Locally, it authenticates correctly, using the first of the two commands
> > above. If I try and authenticate from a remote system (eg, a NAS or my
> > test server), it refuses to do the ttls negotiation.
> 
>   This is the kind of problem where I would suggest "don't even try to
> debug it."  Instead, follow the EAP howto on my web site
> (http://deployingradius.com).  It will be faster and less work to
> re-create a working system, than to debug a broken one.

I guess so; it's just very frustrating that it all works perfectly if you are 
localhost, but not if you are a remote host. I'm tempted to compile it up from 
scratch on this box too (not using the SRPM) - I spotted that it was looking 
in the wrong place for some libraries in radiusd.conf (not that fixing it made 
any difference, and it presumably found the libs OK when localhost made the 
query) so there may well be other peculiarities.

Thanks,

Antony.


