Hi,
> This needs a tweak - the penultimate parameter is your hostname (i.e. moonshine.lboro.ac.uk). This was changed with the last release, so might not have been fully documented yet. I'll make sure the new wiki is correct..
"fully documented" meaning dorrectly documented ;-)
okay, with that and a new credential sent to me by Adm (thanks!) all is now working from here:
freerad@moonshine:/root$ tidc tr1.moonshot.ja.net moonshine.lboro.ac.uk apc.moonshot.ja.net apc.moonshot.ja.net
TIDC Client:
Server = tr1.moonshot.ja.net, rp_realm = moonshine.lboro.ac.uk, target_realm = apc.moonshot.ja.net, community = apc.moonshot.ja.net
Warning: dh_check failed with 8: the g value is not a generator
tidc_open_connection: Opening GSS connection to tr1.moonshot.ja.net:12309.gss_connect: Connecting to host 'tr1.moonshot.ja.net' on port 12309
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=GB/ST=Oxfordshire/L=Harwell/O=Jisc Collections and Janet [log in to unmask] Workshop CA'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=GB/ST=Oxfordshire/L=Harwell/O=Jisc Collections and Janet [log in to unmask] Workshop CA'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=GB/ST=Oxfordshire/O=Jisc Collections and Janet Ltd./CN=Moonshot Workshop [log in to unmask]
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
tidc_fwd_request: Sending TID request:
{"msg_type": "tid_request", "msg_body": {"rp_realm": "moonshine.lboro.ac.
<SNIP>
(I'm not sure what of this stuff might actually be 'secret' or 'special' without spending time looking at it
tr_msg_decode_tidresp(): Success! result = success.
tr_msg_decode_servers(): Number of servers = 1.
Response received! Realm = apc.moonshot.ja.net, Community = apc.moonshot.ja.net.
Client Key Generated (len = 256):
55 <SNIP>
(well, thats my key....I KNOW that should be secret).
might be worth having a flag for tidc tool that will preserve security by hiding secret/secure parts for those
people wanting to cut/paste output to mailing lists etc???
as a system admin the main issue I'm finding (and will probably block these things being in distros) is
1) lack of -h/--help style hints/tips for the tools (just a dumb ARGV is present)
2) lack of man/info pages for the tools (as an admin thats VERY frustrating - I shouldnt need to
go out to a web page somewhere to find out what the tool is/does - (if such pages exist!)
3) no information about the dependencies/requirements/tools of the utilities in the packages
(that includes where things go/lurk)
..just some things for conversation/thoughts :-)
alan
>
> > freerad@moonshine:~$ tidc tr1.moonshot.ja.net moonshine.lboro.ac.uk apc.moonshot.ja.net apc.moonshot.ja.net
>
> This should work now - something caused the trust router to exit.
>
> Thanks,
>
> Adam Bishop
> Systems Development Specialist
>
> gpg: 0x6609D460
> t: +44 (0)1235 822 245
> xmpp: [log in to unmask]
>
> Janet, the UK's research and education network.
>
>
> Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
> not-for-profit company which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
