Re: [RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

2014-02-21 Thread Garry Shtern
Jeff, Just to confirm, you have Root in your Trusted CA list on your windows box, correct? You might want to take a look at this link: http://blogs.technet.com/b/yuridiogenes/archive/2008/04/18/authentication-problem-on-a-802-1x-wireless-network.aspx. This should give you an idea of how to en

[RADIATOR] AuthLog SYSLOG - LogOpt PID

2014-02-21 Thread Kurt Bauer
Hi, I recently tried to integrate Radiator syslog messages into our central logging tool. Too easily find the logs from various servers apart I added a custom LogIdent parameter per Server, which works as expected. The problem now is, that Radiator appends the pid in square brackets to the LogIden

Re: [RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

2014-02-21 Thread Jeffrey Smith
Garry, Thanks for the link, it has revealed some interesting data. Looks like Windows doesn't like wildcard certs for this, per the debug logs that the posted link led me to: '*' is not allowed in server name; returning EAP_E_SERVER_ROOT_CERT_NAME_REQUIRED. I'm digging up a non wildcard cert to

Re: [RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

2014-02-21 Thread Jeffrey Smith
And as expected loading a non wildcard cert does allow windows to connect without making any changes to it. However, windows auth is very picky about its trusted CAs so the cert I had popped up a warning but still allowed me to connect. Thanks again all for the help on this! Thanks, Jeff Smith N

Re: [RADIATOR] Delayed Stop Record and Active Sessions

2014-02-21 Thread rohan.henry @cwjamaica.com
Thanks for the feedback Heikki. I am thinking that the suggestion would solve the problem but defeats the state limit function. It means that a connection would now become unique based on Acct-Session-Id which changes for every connection and would grant access to the same user multiple times sinc