And one more - SSH won’t work by default. post-auth in sites-enabled/default has the magic that adds a SAML assertion with “moonshot” username. But that doesn’t seem to ever get called, because it all now runs through sites-enabled/abab-tr-idp. Putting the SAML stuff in post-auth of abfab-tr-idp makes it work. Rhys. -- Dr Rhys Smith Identity, Access, and Middleware Specialist Cardiff University & Janet, the UK's research and education network email: [log in to unmask] / [log in to unmask] GPG: 0x4638C985 On 6 Oct 2014, at 10:48, Rhys Smith <[log in to unmask]> wrote: > Hi Sam, > > Quick bug report - the /etc/radsec.conf uses TLS but the shared secret in the file is “testing123”. Should be “radsec”. Stops everything from working until that gets changed. > > Rhys. > -- > Dr Rhys Smith > Identity, Access, and Middleware Specialist > Cardiff University & Janet, the UK's research and education network > > email: [log in to unmask] / [log in to unmask] > GPG: 0x4638C985 > > On 3 Oct 2014, at 21:41, Sam Hartman <[log in to unmask]> wrote: > >> Please see >> https://psec.s3.amazonaws.com/moonshot-images/2014.10.03.iso >> >> and for source >> https://psec.s3.amazonaws.com/moonshot-images/2014.10.03.source/debian.tar >> https://psec.s3.amazonaws.com/moonshot-images/2014.10.03.source/debian-live.tar >> >> >> >> This version include the new freeradius. >> >> Note that after installing you'll probably need to: >> >> * in /etc/freeradius/certs >> make destroycerts >> ./bootstrap >> openssl rsa -in client.key -out client.new >> enter password of whatever >> mv client.new client.key >> >> adduser freerad trustrouter >> adduser trustrouter freerad >> >> The freeradius-abfab package does try to add the users but it gets >> installed on the DVD creation prior to moonshot-trust-router so it does >> not succeed. >> >> --Sam >