curious network problem
Antony King
antony.king at solutiontrax.com
Tue Aug 17 11:17:26 CEST 2010
On Wednesday 11 August 2010 01:38:22 Alan DeKok wrote:
> Antony King wrote:
> > The 'live' server is a centos5.5 box. I've tried with the standard
> > freeradius2 package (version 2.1.7) and a version compiled from SRPMS in
> > case there was a problem with ttls in that version. The configuration
> > was copied over from the test server, with new keys generated but
> > otherwise unchanged.
>
> Were the certs re-generated? They depend on the keys.
I did 'make destroycerts', then 'make' in the certs directory. It should all
be new in there.
>
> > Locally, it authenticates correctly, using the first of the two commands
> > above. If I try and authenticate from a remote system (e.g., a NAS or my
> > test server), it refuses to do the ttls negotiation.
>
> This is the kind of problem where I would suggest "don't even try to
> debug it." Instead, follow the EAP howto on my web site
> (http://deployingradius.com). It will be faster and less work to
> re-create a working system, than to debug a broken one.
I guess so; it's just very frustrating that it all works perfectly if you are
localhost, but not if you are a remote host. I'm tempted to compile it up from
scratch on this box too (not using the SRPM) - I spotted that it was looking
in the wrong place for some libraries in radiusd.conf (not that fixing it made
any difference, and it presumably found the libs OK when localhost made the
query) so there may well be other peculiarities.
Thanks,
Antony.