Vieri rentorbuy at yahoo.com
Fri Dec 15 13:40:09 CET 2017

From: Alan DeKok <aland at deployingradius.com>
> The problem is when you say things like "both MS and FR are blaming each other".

> That comes across like you don't know which one to believe, and you don't know what's actually going on.

I don't see such a big issue here, but if you do then please accept my apologies. The only thing I was saying is that, as an inexperienced user, I found it hard to understand why a server and a client would yield apparently different results. I wasn't judging anyone (MS or FR), just trying to understand what was going on, and if anyone here with more experience in the Windows arena would actually say something like "hey, you can get more info in the Windows client by looking or doing something else on that machine".

For instance, trying to see if the Windows client gets the exact same server certificate as the one I configured on the Radius server (in case there's some kind of mangling in the middle). I still don't know how to do that, but that's something I can work on.

> i.e. a one-line message from MS saying "EAP error" holds the same weight as thousands of lines of debug output from FR, and the personal input of the developer.

I never said that.

> TBH, you'd get the same response from a car mechanic.  When you bring your car in with a problem, and he tells you what's wrong

You told me that I had to look at the client's log because the client was sending the reject message.
I searched for it, and found that the client was saying that the server had rejected the transaction. I then wrote the unfortunate "blame" word that offended you. I'm sorry I ever did, but my only intention was to show what I found.
It's as if the car mechanic tells me that the engine doesn't start because of a failing circuit in the main panel, but the electronic panel indicates that there's an issue with the engine. I'm not being disrespectful of the mechanic's profession or experience. I'm just pointing out something that is logically illogical.
It might be a bad MS implementation as you state, but *maybe* it could very well be a bad FR configuration on *my behalf*...
That's all I wanted to say by that.

> I'm always happy to have people stick around.

Great. Will do.

