Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Problem

I can't seem to be able to connect my service to the trust router infrastructure. I get the following error when running the TIDC command:

Error returned by gss_init_sec_context:
      major error <1> Unspecified GSS failure. Minor code may provide more information
      minor error <1> Generic RADIUS failure
AuthenticateToServer failed: Generic RADIUS failure (err = 2109382928)
Error in tidc_open_connection.

Possible Solutions:

Check the following:

  1. The RADIUS server specified in /etc/radsec.conf is running and can be reached over TLS or UDP (depending on your setting in radsec.conf).
  2. There may be a problem with the APC or the trust router. Please contact JANET.

 

Problem

I can't seem to be able to connect my service to the trust router infrastructure. I get the following error when running the TIDC command:

Error returned by gss_init_sec_context:
      major error <1> Unspecified GSS failure. Minor code may provide more information
      minor error <1> Missing default password or other credentials
AuthenticateToServer failed: Missing default password or other credentials (err = 2109382948)
Error in tidc_open_connection.

Possible Solutions:

Check the following:
  1. You are running the newest version of the trust router and Moonshot software. If you were part of the Moonshot Pilot Workshop in February 2014, you must update your software to the newest version as Trust Router 1.2 is not backward compatible.
  2. You have installed the dbus-x11 package. This package is not installed as part of the package dependencies, but it is part of the instructions in Section 2 of Install a Moonshot IdP on Debian 7. It is a client library and will not require the installation of the X11 system.
  3. You have the FreeRADIUS user (freerad on Debian systems, radiusd on RHEL systems) listed in /etc/moonshot/flatstore-users.
  4. You have imported the Trust Router credentials using the moonshot-webp command as the FreeRADIUS user in Section 5.3.1 of Install a Moonshot IdP on Debian 7. To verify you have, execute ls -la ~/.local/share/moonshot-ui/identities.txt as the FreeRADIUS user, and you should see the file listed.
  5. You are running the TIDC command as the FreeRADIUS user and that you have run the unset DISPLAY command before running the TIDC command.
  6. If your service is firewalled, check that TCP ports 2083 and 12309 are open both in- and outbound, and that the public IP address is the one you gave Adam Bishop. Ideally, your firewall should also support hairpinning.
  7. If you use Network Address Translation (NAT), check that you are forwarding TCP ports 2083 and 12309 both in- and outbound, and that the public IP address is the one you gave Adam Bishop.

 

Problem

I can't seem to be able to connect my service to the trust router infrastructure. It seems to start but then I get the following error when running the TIDC command:

tidc_open_connection: Opening GSS connection to tr1.moonshot.ja.net:12309.gss_connect: Connecting to host 'tr1.moonshot.ja.net' on port 12309
CTRL-EVENT-EAP-STARTED EAP authentication started
:
:
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
tidc_fwd_request: Sending TID request: {"msg_type": "tid_request", "msg_body": {"rp_realm": "my RP realm", "target_realm": "apc.moonshot.ja.net", "community": "apc.moonshot.ja.net", ...}

ReadBuffer failed: Connection reset by peer (err = 104)
ReadBuffer failed: Connection reset by peer (err = 104)
ReadBuffer failed: Connection reset by peer (err = 104)

Solution:

Please get in touch with JANET!

  1. There appears to be a problem with either your credentials or with the RP realm that you specified.
  2. Check that the value of your RP realm is correct and the same as the one you specified when you applied for credentials at JANET.

 

Problem

I can't seem to be able to connect my service to the trust router infrastructure. It seems to start but then I get the following error when running the TIDC command:

tidc_open_connection: Opening GSS connection to tr1.moonshot.ja.net:12309.gss_connect: Connecting to host 'tr1.moonshot.ja.net' on port 12309
CTRL-EVENT-EAP-STARTED EAP authentication started
:
:
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
tidc_fwd_request: Sending TID request: {"msg_type": "tid_request", "msg_body": {"rp_realm": "my RP realm", "target_realm": "apc.moonshot.ja.net", "community": "apc.moonshot.ja.net", ...}

tidc_fwd_request: Response Received (226 bytes).
{"msg_type": "tid_response", "msg_body": {"result": "error", "comm": "apc.moonshot.ja.net", "target_realm": "apc.moonshot.ja.net", "rp_realm": "target_realm", "err_msg": "Can't open connection to next hop TIDS"}}
tr_msg_decode_tidresp(): Error! result = error.
Response received! Realm = apc.moonshot.ja.net, Community = apc.moonshot.ja.net.

tidc_resp_handler: Response is an error.

Solution:

Please get in touch with JANET!

  1. There appears to be a problem with either your credentials or with the RP realm that you specified.
  2. Check that the value of your RP realm is correct and the same as the one you specified when you applied for credentials at JANET.

 

More to come...

 

  • No labels