Ttys/pap and Active Directory

Клеусов Владимир Сергеевич Kleusov.Vladimir at wildberries.ru
Thu Jul 9 15:48:07 CEST 2020


Yes. That is all. Don't like certificate_file= , which is in the eap module ? It's self-signed. Then I will try to add the windows version to the trusted ones.If it doesn't work out.I will issue a valid certificate. Thanks. I'll write about the results later.

> 9 июля 2020 г., в 16:17, Alan DeKok <aland at deployingradius.com> написал(а):
> 
> On Jul 9, 2020, at 9:13 AM, Клеусов Владимир Сергеевич via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> 
>> Thanks for http://wiki.freeradius.org/list-help
>> I hope I sent debug correctly
>> Debug output
>> ...
>> (3)     [eap-client] = handled
>> (3)   } # authenticate = handled
>> (3) Using Post-Auth-Type Challenge
>> (3) Post-Auth-Type sub-section not found.  Ignoring.
>> (3) # Executing group from file /etc/freeradius/sites-enabled/default
>> (3) session-state: Saving cached attributes
>> (3)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
>> (3)   TLS-Session-Version = "TLS 1.2"
>> (3) Sent Access-Challenge Id 131 from 10.42.2.128:1812 to 10.99.205.184:55719 length 0
>> (3)   EAP-Message = 0x0105003d15800000003314030300010116030300285f7d126dd63c79758f16821fd74acb7dfe9c81039c98eb635eaa0d5d7d7de30b91d4963396290799
>> (3)   Message-Authenticator = 0x00000000000000000000000000000000
>> (3)   State = 0x800be644830ef39b9c89798185b75a0d
>> (3) Finished request
>> Waking up in 4.9 seconds.
> 
>  And.... then what?  This doesn't show a full authentication which ends in Access-Accept.
> 
>  If it stops here, then the client doesn't like the server certificate.  And this has nothing to do with LDAP.
> 
>  Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list