Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

This flowchart illustrates a general troubleshooting flow of a local Moonshot service.

Your first step should be to check that all Moonshot software is correctly installed and configured.

See Install Moonshot Libraries on a Server first.

Your next step should be to test the local GSSAPI connection.

Does your local GSSAPI connection work?

If your local GSSAPI connection works, then the problem is with your local service-specific configuration.

You should resolve this next.

If your local GSSAPI connection does not work, you should check your RADSEC connection:

  1. Switch to the user that your service runs as (e.g. user 'apache', 'radiusd', 'freerad', 'www-data', 'ssh'):

    $ su - --shell=/bin/bash [your service user]
  2. Does /etc/radsec.conf exist and can you read it?

    $ cat /etc/radsec.conf
  3. Can you read the three certificate files as the user that your service runs as?

    $ cat /location/of/ca.pem
    $ cat /location/of/client.pem
    $ cat /location/of/client.key

If your local RADSEC configuration is incorrect, then resolve this issue by following the steps of Configure a Linux Server to Connect to an RP Proxy.

Add your service's local user to the group that has access rights to /etc/radsec.conf and the three certificate files. If necessary, create a group and assign the appropriate rights.

Then re-test your local GSSAPI connection.

If your local RADSEC connection is correct, then attempt to make a connection to the RP Proxy specified in the local RADSEC configuration.

You can test this by connecting to the local RADSEC proxy:

$ telnet rp-proxy.host 2083

If the connection was successful, you should have a Telnet prompt.

At this point, the problem lies in the RP Proxy configuration. Check your local RP Proxy configuration next.

If the connection was unsuccessful, the problem lies in the connection between your local service and the RP Proxy, but not with the RADSEC connection itself.

You should check whether any firewalls exist first, both locally on the service as well as between the service and the RP Proxy.

 You should check your local RP Proxy configuration next.

  • No labels