Freeradius 3.0 and realms
Alan DeKok
aland at deployingradius.com
Thu Apr 2 19:47:14 CEST 2020
On Apr 2, 2020, at 12:56 PM, Anthony Stuckey <anthonystuckey at gmail.com> wrote:
>
> Is there good documentation of the changes made to realms between
> freeradius 2 and freeradius 3?
See raddb/README.rst
That documents 99% of the changes. There may be other small differences not documented, but they will be minimal.
> We're trying to get windows machine login to work, and we're having the
> same problem as before. Once the machine is joined to the domain, Windows
> appends the domain to the machine name. We need to strip the domain off to
> find the proper identity.
That works the same as it did in v2.
> In freeradius 2, I was able to define a realm which did that, but that
> format no longer works for freeradius 3, and there seems to be no useful
> breadcrumb for how to create the new style realm.
It's the same as in v2.
The log shows no issues with realms. It does show this:
(5) eap_peap: Got complete TLS record (7 bytes)
(5) eap_peap: [eaptls verify] = length included
(5) eap_peap: <<< recv TLS 1.2 [length 0002]
(5) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
(5) eap_peap: ERROR: TLS_accept: Failed in error
(5) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read)
(5) eap_peap: ERROR: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
(5) eap_peap: ERROR: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
The Windows box doesn't know about the CA used by FreeRADIUS. It won't work until that's fixed.
Alan DeKok.
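
Added example, not part of the original message or of FreeRADIUS: a small Python parser that pulls "TLS Alert" lines out of the debug output quoted above and reports which side sent the alert, since "read" means the server received it from the peer. The function names and the constructed "write" case in the comments are assumptions for illustration.

```python
import re

# Debug lines copied from the message above.
SAMPLE_LOG = """\
(5) eap_peap: Got complete TLS record (7 bytes)
(5) eap_peap: [eaptls verify] = length included
(5) eap_peap: <<< recv TLS 1.2 [length 0002]
(5) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
(5) eap_peap: ERROR: TLS_accept: Failed in error
(5) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read)
(5) eap_peap: ERROR: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
(5) eap_peap: ERROR: error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
"""

# "(N) module: ERROR: TLS Alert <read|write>:<level>:<description>"
ALERT_RE = re.compile(
    r"^\((?P<request>\d+)\)\s+(?P<module>\w+):\s+ERROR:\s+"
    r"TLS Alert (?P<direction>read|write):(?P<level>\w+):(?P<description>.+?)\s*$"
)

def find_tls_alerts(log_text):
    """Return one dict per TLS alert line, tagged with which side sent it."""
    alerts = []
    for line in log_text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        alert = m.groupdict()
        alert["request"] = int(alert["request"])
        # "read": the server read the alert off the wire, so the peer sent it.
        # "write": the server generated the alert itself.
        alert["sent_by"] = "supplicant" if alert["direction"] == "read" else "server"
        alerts.append(alert)
    return alerts

def diagnose(alert):
    """Name the side whose trust configuration needs attention."""
    if alert["description"].lower() == "unknown ca":
        if alert["sent_by"] == "supplicant":
            return "supplicant does not trust the CA that issued the server certificate"
        return "server does not trust the CA that issued the client certificate"
    return f"{alert['sent_by']} aborted the handshake: {alert['description']}"

if __name__ == "__main__":
    for a in find_tls_alerts(SAMPLE_LOG):
        print(f"request {a['request']} ({a['module']}): {diagnose(a)}")
```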