Hi again all,
I have a high-availability PF setup, using heartbeat and DRDB and all seems to
be running just fine. However I've just come to implement the production
self-signed certificates as laid out in
http://deployingradius.com/documents/configuration/ca_import.html and when I
enable the "validate server certificate" box on my windows client I am asked to
accept the certificate, which is expected as I haven't deployed the CA
certificate yet, however I'm seeing "127.0.0.1" presented as the radius server
name, rather than the actual hostname.
Is it possible that this is being pulled in from a packetfence variable
somewhere? If so is it possible to change this so that it sends the hostname? I
appreciate I'd need to configure the host to accept both of the hostnames of my
HA setup, but this is fine and I'd rather that than have something generic like
127.0.0.1 in the allowed server list.
Also, I'm posting this to the PF mailing list before the freeradius list as I
have a suspicion that this is being pulled from a PF variable to do with the HA
setup. If this is not the case, and it is indeed something embedded in FR I'll
happily move this question there (complete with the obligatory debug logs).
Cheers,
Andi
-------------------------------------
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: [email protected]<mailto:[email protected]>
--------------------------------------
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
