The following scenario seems a bit better.
> 2. I also want to make our trust router (ms-tr.aai.niif.hu) to work, but it is not so easy :)
> When I try from our RP proxy (this is the same RP as above) the following
>
> freerad@ms-rp:~$ tidc ms-tr.aai.niif.hu ms-rp.aai.niif.hu apc.moonshot.ja.net apc.moonshot.ja.net
>
> I get the following error:
Server = ms-tr.aai.niif.hu, rp_realm = ms-rp.aai.niif.hu, target_realm = apc.moonshot.ja.net, community = apc.moonshot.ja.net, port = 12309
Warning: dh_check failed with 8: the g value is not a generator
tidc_open_connection: Opening GSS connection to ms-tr.aai.niif.hu:12309.
gss_connect: Connecting to host 'ms-tr.aai.niif.hu' on port 12309
CTRL-EVENT-EAP-STARTED EAP authentication started
[...]
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
tidc_fwd_request: Sending TID request:
{"msg_type": "tid_request", "msg_body": {"rp_realm": "ms-rp.aai.niif.hu", "community": "apc.moonshot.ja.net", "target_realm": "apc.moonshot.ja.net", "dh_info": {"dh_p": "[...]", "dh_g": "02", "dh_pub_key": "[...]"}}}
tidc_fwd_request: Response Received (218 bytes).
{"msg_type": "tid_response", "msg_body": {"result": "error", "err_msg": "Can't forward request to next hop TIDS", "comm": "apc.moonshot.ja.net", "rp_realm": "ms-rp.aai.niif.hu", "target_realm": "apc.moonshot.ja.net"}
tr_msg_decode_tidresp(): Error! result = error.
Response received! Realm = apc.moonshot.ja.net, Community = apc.moonshot.ja.net.
tidc_resp_handler: Response is an error.
So not "cannot connect", only "cannot forward"... Do you have any idea?
-
Thanks,
Tamas