radius server presenting itself as 127.0.0.1

Morris, Andi amorris at cardiffmet.ac.uk
Thu Mar 6 16:10:39 CET 2014


Hi John,
Thanks for your reply.

The contents of my server.pem file using the openssl x509 -text -in server.pem file are shows the hostname of the server as I entered into the server.cnf file.

The certificates were created by filling in the ca.cnf and server.cnf details and running 'make'.

Steps were taken from http://deployingradius.com/documents/configuration/certificates.html

However, I've just spotted that I had the same commonName for both my server.cnf and ca.cnf. Just edited the ca.cnf and now make is failing as I need to revoke the previous certificates.....that's proving to be a struggle.

Cheers,
Andi

-----Original Message-----
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org] On Behalf Of John Dennis
Sent: 06 March 2014 14:40
To: FreeRadius users mailing list
Subject: Re: radius server presenting itself as 127.0.0.1

On 03/06/2014 07:05 AM, Morris, Andi wrote:
> Hi all,
> 
> I'm working on developing a high-availability setup PacketFence, which 
> uses freeradius to authenticate users against our internal active 
> directory server. I've just come to implement the production 
> self-signed certificates as laid out in 
> http://deployingradius.com/documents/configuration/ca_import.html and 
> when I enable the "validate server certificate" box on my windows 
> client I am asked to accept the certificate, which is expected as I 
> haven't deployed the CA certificate yet, however I'm seeing 
> "127.0.0.1" presented as the radius server name in the pop up box, 
> rather than the actual hostname.
> 
> I can't seem to find why this is happening, and I'd rather that have 
> the server hostnames in the trusted radius server list than something 
> generic like 127.0.0.1.
> 
> Can anyone please point me in the right direction? Debug log attached.

This problem is not likely to be found in the debug log, you need to look at the contents of your certs.

% openssl x509 -text -in cert_filename

How were your certs generated? Are you using the bootstrap certs?



--
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list