(no commit message)

[devwiki.git] / ConfiguringRHEL.mdwn

diff --git a/ConfiguringRHEL.mdwn b/ConfiguringRHEL.mdwn
index 7d34673..d5821be 100644 (file)
--- a/ConfiguringRHEL.mdwn
+++ b/ConfiguringRHEL.mdwn
@@ -107,7 +107,6 @@ When in debug mode, FreeRADIUS acts as an interactive program, so it should be r
 ##Moonshot Proper
 First we need a minimal _/etc/radsec.conf_
 
 ##Moonshot Proper
 First we need a minimal _/etc/radsec.conf_
 

-    dictionary = "/etc/raddb/dictionary"

     
     realm gss-eap {
         type = "UDP"
     
     realm gss-eap {
         type = "UDP"


@@ -185,7 +184,7 @@ To start the _gss-server_, run:
 
 There are two ways to start _gss-client_ – the first specifies an encryption method to use by its OID 1.3.6.1.4.1.5322.22.1.18 (as seen in /etc/gss/mech):
 
 
 There are two ways to start _gss-client_ – the first specifies an encryption method to use by its OID 1.3.6.1.4.1.5322.22.1.18 (as seen in /etc/gss/mech):
 

-    /opt/moonshot/bin/gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" 127.0.0.1 host@localhost bar
+    /opt/moonshot/bin/gss-client -mech "{1.3.6.1.5.5.15.1.1.18 }" 127.0.0.1 host@localhost bar

 
 The second uses __Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)__<br />
 This chooses the "best" mutually-agreeable encryption method for between client and server.  To invoke the client using __SPNEGO__, use:
 
 The second uses __Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)__<br />
 This chooses the "best" mutually-agreeable encryption method for between client and server.  To invoke the client using __SPNEGO__, use:


@@ -274,13 +273,13 @@ Note in the SSH client command, the option __-l ""__ – this signifies that no
 
 ##Common Issues:
 
 
 ##Common Issues:
 

-If you see:
+###If you see:

 
     connecting to server: Connection refused
 
 _gss-server_ is not running – start it again, and check its output for any reasons why it doesn't stay running
 
 
     connecting to server: Connection refused
 
 _gss-server_ is not running – start it again, and check its output for any reasons why it doesn't stay running
 

-If you see:
+###If you see:

 
     GSS-API error initializing context: Unspecified GSS failure.  Minor code may provide more information
     GSS-API error initializing context: SPNEGO cannot find mechanisms to negotiate
 
     GSS-API error initializing context: Unspecified GSS failure.  Minor code may provide more information
     GSS-API error initializing context: SPNEGO cannot find mechanisms to negotiate


@@ -288,7 +287,7 @@ If you see:
 
 Then _/etc/gss/mech_ is invalid or missing
 
 
 Then _/etc/gss/mech_ is invalid or missing
 

-If you see:
+###If you see:

 
     Sending init_sec_context token (size=101)...continue needed...
     CTRL-EVENT-EAP-STARTED EAP authentication started
 
     Sending init_sec_context token (size=101)...continue needed...
     CTRL-EVENT-EAP-STARTED EAP authentication started


@@ -300,26 +299,26 @@ If you see:
 
 Your RADIUS server may not be running, or malfunctioning, run it in debug mode (as mentioned earlier) to find out why.
 
 
 Your RADIUS server may not be running, or malfunctioning, run it in debug mode (as mentioned earlier) to find out why.
 

-If you see:
+###If you see:

 
        Segmentation fault
 
 Then _~/.gss\_eap\_id_ is invalid or missing
 
 
        Segmentation fault
 
 Then _~/.gss\_eap\_id_ is invalid or missing
 

-If you see:
+###If you see:

 
        CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
 
 Then you have not correctly set the _default\_eap\_type_ on the RADIUS server.
 
 
        CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
 
 Then you have not correctly set the _default\_eap\_type_ on the RADIUS server.
 

-If you see:
+###If you see:

 
     GSS-API error gss_pname_to_uid: Unspecified GSS failure.  Minor code may provide more information
     GSS-API error gss_pname_to_uid: Unknown error
 
 Then there is not a local user that matches your Chargeable-User-Identity
 
 
     GSS-API error gss_pname_to_uid: Unspecified GSS failure.  Minor code may provide more information
     GSS-API error gss_pname_to_uid: Unknown error
 
 Then there is not a local user that matches your Chargeable-User-Identity
 

-If you see…
+###If you see…

 
     /opt/moonshot/bin/gss-client: relocation error: /opt/moonshot/bin/gss-client: symbol gss_acquire_cred_with_password, version gssapi_krb5_2_MIT not defined in file libgssapi_krb5.so.2 with link time reference
 
 
     /opt/moonshot/bin/gss-client: relocation error: /opt/moonshot/bin/gss-client: symbol gss_acquire_cred_with_password, version gssapi_krb5_2_MIT not defined in file libgssapi_krb5.so.2 with link time reference