Hi Daniel,
>1. I'm using a Radius server connected to the production eduroam
>infrastructure and therefore I'm able to verify common eduroam users.
Most likely the RADIUS User-Name attribute isn't being set by the remote
RADIUS server or (less likely) filtered by your local RADIUS server. It
would probably be easiest to run tcpdump on the NFS acceptor host and see
what RADIUS attributes are being returned.
>2. The eap library doesn't seem to be able to "negotiate" particular
>authN method (or at least, it behaves differently than common
>wpa-supplicant). Our radius server offers TLS as the default method and
>the gss client persists on using it and doesn't try anything else, like
>PEAP which is available too, and which only I managed to get actually
>working for authN. When I switched the configuration of the radius
>server to use PEAP as default, authentication started to work.
Perhaps we need a way to specify the initiator's preferred EAP method.
Would it be reasonable to specify a prioritised list of methods in
.gss_eap_id for the GSS library to use?
Josh.
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
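
Added example, not part of the original message: a minimal Python parser for the RADIUS payloads that a tcpdump capture on the acceptor host would contain, used here to check whether an Access-Accept carries a User-Name attribute. The packets are constructed samples with a zeroed authenticator and a placeholder identity; the helper names are assumptions of this example, and extracting UDP payloads from a real capture is not shown.

```python
import struct

# RADIUS packet codes and a few attribute types (RFC 2865, RFC 3579)
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTRS = {1: "User-Name", 24: "State", 79: "EAP-Message", 80: "Message-Authenticator"}

def parse_radius(payload):
    """Return (code_name, [(attr_name, value_bytes), ...]) for one RADIUS UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((ATTRS.get(atype, str(atype)), payload[pos + 2:pos + alen]))
        pos += alen
    return CODES.get(code, str(code)), attrs

def accept_has_user_name(payload):
    """True if the packet is an Access-Accept carrying a non-empty User-Name."""
    code, attrs = parse_radius(payload)
    return code == "Access-Accept" and any(n == "User-Name" and v for n, v in attrs)

def build(code, attrs):
    """Build a constructed sample packet (zeroed authenticator, not a valid one)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: EAP Success (code 3, id 1, length 4) inside EAP-Message
EAP_SUCCESS = bytes([3, 1, 0, 4])
WITH_NAME = build(2, [(1, b"user@example.org"), (79, EAP_SUCCESS), (80, bytes(16))])
WITHOUT_NAME = build(2, [(79, EAP_SUCCESS), (80, bytes(16))])

if __name__ == "__main__":
    for label, pkt in (("with User-Name", WITH_NAME), ("without User-Name", WITHOUT_NAME)):
        code, attrs = parse_radius(pkt)
        print(label, code, [n for n, _ in attrs], accept_has_user_name(pkt))
```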