Eureka! I did of course have "steve" not "steve@local" in my .gss_eapid.
Finally just for a bit of fun I added a realm entry for
moonshot-test.is.ed.ac.uk to my /etc/raddb/proxy.conf and it now works
if I specify "[log in to unmask]".
Thanks for all your help and for finally figuring it out. I suppose this
should be made more explicit on the wiki page as well as pointing out
that the "realm" specified in that file actually relates to the RADIUS
realm. I'm still not 100% sure in my mind how (or indeed if) the
gss-server/gss-client host@localhost / Kerberos/ Radius realms all hang
together in Moonshot.
For now I owe you a virtual beer :D
On 10/07/13 09:54, Sam Hartman wrote:
> The Key is in RSE17.
>
> That's the 17th radsec error.
> Except you're never supposed to see a message like that; there's code to
> map the radsec errors to useful strings, but
>
> 1) I don't know what radsec error 17 is
>
> and 2) The mapping code could be more useful in this instance.
>
>
> RSE 17 is radsec_invalid_argument.
>
> Ah!
> It comes back to me.
> Make sure the username you're using includes a realm.
> I.E. if you're using .gss_eap_id make sure that the first line looks
> like
> steve@local
> not steve
>
> If you're using the identity selector make sure that you have a
> non-empty issuer.
>
> --Sam
>
--
/****************************
Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh
Tel: 0131 650 6565
Email: [log in to unmask]
*******************************/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|