FreeRADIUS - Google LDAP - Error in debug mode - Regarding

P.Thirunavukkarasu drthiruna at tanuvas.org.in
Thu Oct 21 11:04:45 CEST 2021


Hi all,
Thanks for the suggestion given. Particularly Alan. The first response is
always from Alan Ji....

> > The following are the few warning messages I noticed in the debug output.
>
>   Entirely unrelated to the problem.
>
Noted. Will resolve it with our team support.

>
> > *TLSMC: MozNSS compatibility interception begins.tlsmc_convert: INFO:
> > cannot open the NSS DB, expecting PEM configuration is
> > present.tlsmc_intercept_initialization: INFO: successfully intercepted
> TLS
> > initialization. Continuing with OpenSSL only.TLSMC: MozNSS compatibility
> > interception ends.TLS certificate verification: Error, unable to get
> local
> > issuer certificate*
>
>   That *is* an issue.  You should drop the FreeRADIUS packages you're
> using, and use the *working* packages (and LDAP libraries) discussed on
> http://packages.networkradius.com
>
>   Some OS distributions break FreeRADIUS, and it's up to us to fix them.
>
Yes. We are trying to build a new RADIUS server in a new VM. (Hyper-V).
https://wiki.freeradius.org/building/Platforms The core team suggested
FreeBSD as the top among the others. Shall we proceed with FreeBSD? 32 bit
or 64 bit which one is best? Or any other linux versions?

Make sure it runs in debug mode and daemon mode.  Then make ONE change.
> Test it in debug mode and daemon mode.  If it works, save a copy of the
> configuration (e.g. using "git").  If it doesn't work, then that change
> broke the server.  Repeat until you have a final working configuration.
>
>   All of this process is documented EXTENSIVELY in the server.  See "man
> radiusd" for one.  We really don't recommend making 1000 changes to the
> configuration all at once, because most of the time it won't work.
>
>   Take a slow, methodical approach, and it will be FASTER than trying to
> be "fast" by making a bunch of random changes you don't really understand.
>
Noted. We will do it as you directed in a methodical way.
I am having a few doubts? Can you plz guide me?
Windows clients failed to authenticate in FreeRADIUS. But in debug mode no
error messages were noticed.
Any reason for it? How to connect the windows clients?
We tried to set the maximum connection, bandwidth limitation,download and
upload limits per user group of LDAP.
I don't know where to start on the FreeRADIUS server..Just give a clue to
start
Please bear with me...
Regards,
Thirunavukkarasu...


More information about the Freeradius-Users mailing list