Thanks Loick, but I've worked it out now. I needed to update the /usr/local/pf/conf/radiusd/eap.conf with the directory of the radius certificates, rather than the packetfence web interface certificates.
Cheers, Andi -----Original Message----- From: Loick Pelet [mailto:[email protected]] Sent: 06 March 2014 18:32 To: [email protected] Subject: Re: [PacketFence-users] radius server presenting itself as 127.0.0.1 Hello Andi, Both of your servers should have their /etc/hosts files well completed. PacketFence sends the FQDN merging hostname and domain parameters in pf.conf. Loick On Mar 05-05:17PM, Morris, Andi wrote: > Hi again all, > I have a high-availability PF setup, using heartbeat and DRDB and all seems > to be running just fine. However I've just come to implement the production > self-signed certificates as laid out in > http://deployingradius.com/documents/configuration/ca_import.html and when I > enable the "validate server certificate" box on my windows client I am asked > to accept the certificate, which is expected as I haven't deployed the CA > certificate yet, however I'm seeing "127.0.0.1" presented as the radius > server name, rather than the actual hostname. > > Is it possible that this is being pulled in from a packetfence variable > somewhere? If so is it possible to change this so that it sends the hostname? > I appreciate I'd need to configure the host to accept both of the hostnames > of my HA setup, but this is fine and I'd rather that than have something > generic like 127.0.0.1 in the allowed server list. > > Also, I'm posting this to the PF mailing list before the freeradius list as I > have a suspicion that this is being pulled from a PF variable to do with the > HA setup. If this is not the case, and it is indeed something embedded in FR > I'll happily move this question there (complete with the obligatory debug > logs). > > Cheers, > Andi > > ------------------------------------- > Andi Morris > IT Security Officer > Cardiff Metropolitan University > T: 02920 205720 > E: [email protected]<mailto:[email protected]> > -------------------------------------- > > ---------------------------------------------------------------------- > -------- Subversion Kills Productivity. Get off Subversion & Make the > Move to Perforce. > With Perforce, you get hassle-free workflows. Merge that actually works. > Faster operations. Version large binaries. Built-in WAN optimization > and the freedom to use Git, Perforce or both. Make the move to Perforce. > http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg. > clktrk > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu/>) and PacketFence +(www.packetfence.org<http://www.packetfence.org/>) gtalk or skype : lpelet.inverse ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
