radius server presenting itself as 127.0.0.1
Morris, Andi
amorris at cardiffmet.ac.uk
Thu Mar 6 17:39:59 CET 2014
That's fair, sorry everyone. Please find cnf files below:
Server.cnf:
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./
certs = $dir
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/server.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/server.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
default_days = 1826
default_crl_days = 30
default_md = sha1
preserve = no
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
prompt = no
distinguished_name = server
default_bits = 2048
input_password = password
output_password = password
[server]
countryName = GB
stateOrProvinceName = South Glamorgan
localityName = Cardiff
organizationName = Cardiff Metropolitan University
emailAddress = network at cardiffmet.ac.uk
commonName = "pfdevll01.internal.uwic.ac.uk"
ca.cnf:
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./
certs = $dir
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/ca.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/ca.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
default_days = 1826
default_crl_days = 30
default_md = sha1
preserve = no
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
prompt = no
distinguished_name = certificate_authority
default_bits = 2048
input_password = password
output_password = password
x509_extensions = v3_ca
[certificate_authority]
countryName = GB
stateOrProvinceName = South Glamorgan
localityName = Cardiff
organizationName = Cardiff Metropolitan University
emailAddress = network at cardiffmet.ac.uk
commonName = "pfdevll01 CA"
[v3_ca]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
openssl x509 -text -in server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, ST=South Glamorgan, L=Cardiff, O=Cardiff Metropolitan University/emailAddress=networks at cardiffmet.ac.uk, CN=pfdevll01 CA
Validity
Not Before: Mar 6 16:02:29 2014 GMT
Not After : Mar 6 16:02:29 2019 GMT
Subject: C=GB, ST=South Glamorgan, O=Cardiff Metropolitan University, CN=pfdevll01.internal.uwic.ac.uk/emailAddress=network at cardiffmet.ac.uk
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:a6:39:cc:b9:35:aa:df:a4:33:fb:5c:4f:a5:
e9:30:98:38:40:bb:0e:b6:5e:4c:dc:9c:f1:84:35:
21:55:ca:a8:9e:6b:fe:ec:4f:5c:d1:23:de:e7:c1:
00:14:f8:8d:4f:ce:1b:15:b2:a4:61:ea:fe:2c:aa:
3e:9c:c4:a4:bb:be:ac:ed:0b:1c:b1:99:29:00:7b:
14:f7:b1:7f:f4:ea:2e:9b:4d:95:7d:63:6a:99:37:
19:de:85:5a:09:4c:0a:22:25:21:bd:8f:31:08:2e:
a4:aa:1c:52:1d:f6:16:19:f8:f7:ed:7b:97:bf:d0:
00:3b:eb:3f:76:e7:41:7c:bd:39:ba:a6:17:a9:1e:
5c:a1:07:a8:14:11:db:eb:9c:cd:4d:f3:3d:8f:2b:
f1:6b:5b:55:9c:83:c4:79:d8:90:1a:e0:66:76:d7:
4a:e7:af:68:d7:7f:3b:60:69:9e:c8:a3:b8:c4:e5:
f7:38:8b:b8:a6:a6:2b:06:d4:01:73:b4:19:67:ce:
55:6c:8a:90:a8:29:b8:f6:cd:08:b0:3a:eb:18:61:
ea:b6:4a:da:8c:bd:11:c8:b9:55:ee:12:57:84:7b:
e0:9f:05:4a:11:ef:70:46:77:b9:b1:24:e7:6e:52:
52:e1:76:8a:d5:3b:44:32:f5:70:27:52:b8:dd:ac:
41:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha1WithRSAEncryption
43:e8:28:ba:5c:c9:07:dd:08:bb:35:8b:c7:17:c3:88:5d:48:
4e:07:4f:3b:36:55:18:ff:26:58:69:75:5d:33:e8:8f:53:21:
9e:2e:20:5c:16:ec:64:45:07:40:7c:26:8d:5f:cf:a8:9f:75:
b0:02:7b:88:7d:eb:e1:40:f2:c5:92:db:a7:43:83:51:72:06:
83:f9:8d:8e:b7:3b:b6:d0:10:6d:12:38:62:c1:1f:4f:da:aa:
7f:52:1b:53:9c:a7:4c:3c:89:d5:19:c7:83:66:cd:79:e6:76:
3a:30:86:66:b9:31:e5:85:48:70:95:94:ac:5f:42:1c:b4:5c:
79:e1:c3:75:98:82:b8:7e:63:33:f5:7d:ec:d2:23:19:33:b8:
30:0d:3f:f8:10:d0:d1:96:8e:45:4f:58:9b:74:2d:c8:ef:a1:
fb:d2:37:1f:e0:a1:de:24:e9:09:24:25:5e:ec:95:4f:10:72:
95:b8:35:51:42:b6:16:c3:1c:df:ed:ac:8e:c0:0e:0f:ef:30:
6b:c0:33:8c:6b:b1:c9:ee:6b:e2:87:76:40:62:01:50:6e:f6:
ae:b2:66:4f:58:a5:e9:a3:ee:fc:8c:4f:cd:c4:ef:bc:be:f3:
e9:f2:38:92:03:52:82:d3:cd:1e:d7:c8:7e:f3:01:50:5f:05:
5e:14:07:28
-----BEGIN CERTIFICATE-----
MIID2jCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBpDELMAkGA1UEBhMCR0Ix
GDAWBgNVBAgTD1NvdXRoIEdsYW1vcmdhbjEQMA4GA1UEBxMHQ2FyZGlmZjEoMCYG
A1UEChMfQ2FyZGlmZiBNZXRyb3BvbGl0YW4gVW5pdmVyc2l0eTEoMCYGCSqGSIb3
DQEJARYZbmV0d29ya3NAY2FyZGlmZm1ldC5hYy51azEVMBMGA1UEAxMMcGZkZXZs
bDAxIENBMB4XDTE0MDMwNjE2MDIyOVoXDTE5MDMwNjE2MDIyOVowgaIxCzAJBgNV
BAYTAkdCMRgwFgYDVQQIEw9Tb3V0aCBHbGFtb3JnYW4xKDAmBgNVBAoTH0NhcmRp
ZmYgTWV0cm9wb2xpdGFuIFVuaXZlcnNpdHkxJjAkBgNVBAMTHXBmZGV2bGwwMS5p
bnRlcm5hbC51d2ljLmFjLnVrMScwJQYJKoZIhvcNAQkBFhhuZXR3b3JrQGNhcmRp
ZmZtZXQuYWMudWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCupjnM
uTWq36Qz+1xPpekwmDhAuw62XkzcnPGENSFVyqiea/7sT1zRI97nwQAU+I1PzhsV
sqRh6v4sqj6cxKS7vqztCxyxmSkAexT3sX/06i6bTZV9Y2qZNxnehVoJTAoiJSG9
jzEILqSqHFId9hYZ+Pfte5e/0AA76z9250F8vTm6phepHlyhB6gUEdvrnM1N8z2P
K/FrW1Wcg8R52JAa4GZ210rnr2jXfztgaZ7Io7jE5fc4i7impisG1AFztBlnzlVs
ipCoKbj2zQiwOusYYeq2StqMvRHIuVXuEleEe+CfBUoR73BGd7mxJOduUlLhdorV
O0Qy9XAnUrjdrEGzAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG
SIb3DQEBBQUAA4IBAQBD6Ci6XMkH3Qi7NYvHF8OIXUhOB087NlUY/yZYaXVdM+iP
UyGeLiBcFuxkRQdAfCaNX8+on3WwAnuIfevhQPLFktunQ4NRcgaD+Y2Otzu20BBt
EjhiwR9P2qp/UhtTnKdMPInVGceDZs155nY6MIZmuTHlhUhwlZSsX0IctFx54cN1
mIK4fmMz9X3s0iMZM7gwDT/4ENDRlo5FT1ibdC3I76H70jcf4KHeJOkJJCVe7JVP
EHKVuDVRQrYWwxzf7ayOwA4P7zBrwDOMa7HJ7mvih3ZAYgFQbvausmZPWKXpo+78
jE/NxO+8vvPp8jiSA1KC080e18h+8wFQXwVeFAco
-----END CERTIFICATE-----
openssl x509 -text -in ca.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10096988745495451223 (0x8c1fb5c4945f9657)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, ST=South Glamorgan, L=Cardiff, O=Cardiff Metropolitan University/emailAddress=network at cardiffmet.ac.uk, CN=pfdevll01 CA
Validity
Not Before: Mar 6 16:02:29 2014 GMT
Not After : Mar 6 16:02:29 2019 GMT
Subject: C=GB, ST=South Glamorgan, L=Cardiff, O=Cardiff Metropolitan University/emailAddress=network at cardiffmet.ac.uk, CN=pfdevll01 CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:be:82:e5:7d:c0:56:70:8a:29:05:13:a1:f8:a4:
9f:bb:d2:6e:86:83:f5:e0:ae:c8:7b:69:21:66:8b:
f8:ec:db:8d:3e:6e:73:50:79:84:83:a3:c9:ea:ed:
1e:65:95:35:52:b5:46:b7:ad:99:c4:ab:62:4c:5e:
3c:80:16:de:81:0f:a1:3c:0f:4c:4d:a9:17:83:15:
c5:86:0d:e6:ab:49:7a:f6:f3:a2:cd:ff:89:3d:cb:
81:49:6e:a0:c7:cc:f7:ab:fc:e0:4e:9d:cb:1f:ad:
ca:1e:da:4d:41:16:7a:20:d0:72:23:48:75:62:98:
aa:36:73:8b:e6:00:7b:41:bc:7e:b4:b5:24:a7:85:
01:d5:2d:c5:8f:f4:69:ff:2b:bb:b8:e1:65:9e:d9:
28:63:cf:45:3e:91:c5:40:ab:c7:3a:95:f6:92:4b:
06:9d:6d:ab:d9:cc:af:49:f4:62:47:7d:89:aa:91:
be:f8:1d:a6:2f:03:13:df:87:e6:5f:d1:3e:b3:b7:
8c:d7:f1:bd:5d:3b:53:31:8f:f1:67:d4:31:7d:ce:
d3:6e:f7:56:45:ed:90:ba:08:a8:1c:b6:54:4b:c6:
d2:d9:e7:8d:ee:f8:23:36:44:49:bc:65:8a:72:18:
a9:26:b7:32:f8:ed:b5:db:c3:ce:42:bf:95:3e:f4:
c5:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:EF:7E:36:8B:B4:AF:F9:13:46:3C:61:54:09:DF:92:1F:58:E1:35
X509v3 Authority Key Identifier:
keyid:10:EF:7E:36:8B:B4:AF:F9:13:46:3C:61:54:09:DF:92:1F:58:E1:35
DirName:/C=GB/ST=South Glamorgan/L=Cardiff/O=Cardiff Metropolitan University/emailAddress=networks at cardiffmet.ac.uk/CN=pfdevll01 CA
serial:8C:1F:B5:C4:94:5F:96:57
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
86:c8:5f:5e:fd:ea:e5:4d:c6:c9:14:c1:58:58:53:24:97:d8:
7e:a6:62:ba:ab:00:51:c5:e7:6b:ef:ab:59:b1:d4:dd:c3:f8:
a6:05:47:aa:1f:7f:39:64:4b:86:9b:73:a8:57:02:93:99:07:
8d:d3:55:0f:6a:2f:2c:68:d3:9b:7f:42:5a:23:91:36:9f:41:
21:f8:98:b4:70:bf:8b:a7:0a:d8:d3:bb:3a:b1:76:34:91:76:
e6:65:ea:4a:ee:5e:9c:cc:93:6a:6a:f1:54:1a:64:08:0c:ff:
c9:30:e3:8e:59:61:00:18:a0:c4:7f:54:d2:25:d5:90:77:77:
91:ed:97:1b:33:c8:f6:da:69:eb:af:7f:44:4d:a0:cf:4b:82:
aa:f0:08:82:64:b8:a1:5a:39:c0:9f:fc:94:b4:89:c8:5c:0b:
86:f0:e5:df:73:18:f4:74:9b:ba:0e:0d:85:26:81:0a:b4:05:
75:9c:1f:09:8a:f2:8e:97:1b:31:31:7c:4f:0d:c2:11:b3:58:
fc:f1:a7:a2:10:8e:21:74:19:fe:68:69:60:6f:44:a3:09:5c:
33:8b:ce:17:5e:b3:da:d9:42:63:84:83:05:34:fb:2a:90:f8:
92:56:5c:80:3c:48:41:15:bf:30:94:f7:ff:82:e8:ca:6d:c1:
64:3b:49:47
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIJAIwftcSUX5ZXMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD
VQQGEwJHQjEYMBYGA1UECBMPU291dGggR2xhbW9yZ2FuMRAwDgYDVQQHEwdDYXJk
aWZmMSgwJgYDVQQKEx9DYXJkaWZmIE1ldHJvcG9saXRhbiBVbml2ZXJzaXR5MSgw
JgYJKoZIhvcNAQkBFhluZXR3b3Jrc0BjYXJkaWZmbWV0LmFjLnVrMRUwEwYDVQQD
EwxwZmRldmxsMDEgQ0EwHhcNMTQwMzA2MTYwMjI5WhcNMTkwMzA2MTYwMjI5WjCB
pDELMAkGA1UEBhMCR0IxGDAWBgNVBAgTD1NvdXRoIEdsYW1vcmdhbjEQMA4GA1UE
BxMHQ2FyZGlmZjEoMCYGA1UEChMfQ2FyZGlmZiBNZXRyb3BvbGl0YW4gVW5pdmVy
c2l0eTEoMCYGCSqGSIb3DQEJARYZbmV0d29ya3NAY2FyZGlmZm1ldC5hYy51azEV
MBMGA1UEAxMMcGZkZXZsbDAxIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvoLlfcBWcIopBROh+KSfu9JuhoP14K7Ie2khZov47NuNPm5zUHmEg6PJ
6u0eZZU1UrVGt62ZxKtiTF48gBbegQ+hPA9MTakXgxXFhg3mq0l69vOizf+JPcuB
SW6gx8z3q/zgTp3LH63KHtpNQRZ6INByI0h1YpiqNnOL5gB7Qbx+tLUkp4UB1S3F
j/Rp/yu7uOFlntkoY89FPpHFQKvHOpX2kksGnW2r2cyvSfRiR32JqpG++B2mLwMT
34fmX9E+s7eM1/G9XTtTMY/xZ9Qxfc7TbvdWRe2QugioHLZUS8bS2eeN7vgjNkRJ
vGWKchipJrcy+O2128POQr+VPvTF7QIDAQABo4IBDTCCAQkwHQYDVR0OBBYEFBDv
fjaLtK/5E0Y8YVQJ35IfWOE1MIHZBgNVHSMEgdEwgc6AFBDvfjaLtK/5E0Y8YVQJ
35IfWOE1oYGqpIGnMIGkMQswCQYDVQQGEwJHQjEYMBYGA1UECBMPU291dGggR2xh
bW9yZ2FuMRAwDgYDVQQHEwdDYXJkaWZmMSgwJgYDVQQKEx9DYXJkaWZmIE1ldHJv
cG9saXRhbiBVbml2ZXJzaXR5MSgwJgYJKoZIhvcNAQkBFhluZXR3b3Jrc0BjYXJk
aWZmbWV0LmFjLnVrMRUwEwYDVQQDEwxwZmRldmxsMDEgQ0GCCQCMH7XElF+WVzAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCGyF9e/erlTcbJFMFYWFMk
l9h+pmK6qwBRxedr76tZsdTdw/imBUeqH385ZEuGm3OoVwKTmQeN01UPai8saNOb
f0JaI5E2n0Eh+Ji0cL+LpwrY07s6sXY0kXbmZepK7l6czJNqavFUGmQIDP/JMOOO
WWEAGKDEf1TSJdWQd3eR7ZcbM8j22mnrr39ETaDPS4Kq8AiCZLihWjnAn/yUtInI
XAuG8OXfcxj0dJu6Dg2FJoEKtAV1nB8JivKOlxsxMXxPDcIRs1j88aeiEI4hdBn+
aGlgb0SjCVwzi84XXrPa2UJjhIMFNPsqkPiSVlyAPEhBFb8wlPf/gujKbcFkO0lH
-----END CERTIFICATE-----
Cheers,
Andi
-----Original Message-----
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org] On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: 06 March 2014 16:26
To: FreeRadius users mailing list
Subject: Re: radius server presenting itself as 127.0.0.1
Hi,
> Thanks for the replies everyone.
> The revocation wasn't going as planned so I did as Alan suggested and restored the folder from a backup I made before running the first 'make'. I then edited the ca.cnf to give a different commonName to the server.cnf, ran make again and all went well. However I still am seeing the servername as being 127.0.0.1 on the Windows supplicant.
well...it probably is! without seeing your config files or certs we cannot help....
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list