nufw

Added by kriger andrey 3 months ago

The scheme shows what needs to be done. Linux Mandriva 2008.0 Free, Linux network bridge, nufw 2.4.2, client Windows XP SP2, nuagent 2.0.1.2.
Nuagent cannot connect to nuauth, and the nuauth message is: nussl session destroy called. I set up a network bridge because the workstations must connect to the domain through Cisco; a proxy server is probably not suitable. Can you help?

sch.jpg (51.3 )


Replies

RE: nufw - Added by Eric Leblond 3 months ago

Hi,

Can you put nuauth in full debug mode and provide a complete log? A lot of information is missing here.

To put nuauth in debug mode, simply run nuauth_command and type the command:

debug_level 9

After that, just do your test and send the complete logging messages to the forum.

You can also provide information coming from the NuAgent by clicking on the right icon in the systray and selecting the "show log messages" item.

Thanks in advance.

RE: nufw - Added by kriger andrey 3 months ago

nuagent log:

[2010-06-02 15:01:59.610] Authentication process started
[2010-06-02 15:01:59.625] Kerberos authentication discarded
[2010-06-02 15:01:59.625] Authenticating to ( 172.16.25.45 : 4129 )
[2010-06-02 15:02:06.193] Connection closed

nuauth log in attached file.

nuauth_log.jpg (163.2 )

RE: nufw - Added by Eric Leblond 3 months ago

nuagent.log does not give much information, but the nuauth information is more interesting. The connection takes place, TLS is correctly negotiated, but the agent does not send the SASL mechanism to be used and disconnects.

This clearly looks like a problem on the Agent. Could you try with a Linux client to double check that your nuauth is working correctly? A local connection via nutcpc will be a sufficient test. If you confirm this is working with nutcpc, we will investigate on the Agent to try to find what's going on.

RE: nufw - Added by kriger andrey 3 months ago

log

nutcpc.jpg (196.8 )

RE: nufw - Added by Eric Leblond 3 months ago

OK, it seems there is a non-verbose SSL reject from nuauth.

Can you edit nuauth.d/nuauth_tls.conf and modify nuauth_tls_request_cert. Set it to 0 instead of 2:

nuauth_tls_request_cert=0

Or provide a correct certificate to nutcpc or nuagent.

RE: nufw - Added by kriger andrey 3 months ago

I solved the problem where the client could not connect to nuauth (nussl_read failed client didnt choose mechanism):
it was necessary to install the rpm package (libsasl2-plug-plain-2.1.22-23mdv2008.0.i586.rpm) on the Linux server, which was a dependency of the nufw rpm package for this Linux release.
Now a new problem has appeared: when I try to start NFAS on the Windows client machine, it doesn't work. Maybe it is related to the same libsasl2-plug-plain-2.1.22-23mdv2008.0.i586.rpm, maybe it works incorrectly? Log here.

log_.jpg (372.4 )

RE: nufw - Added by kriger andrey 3 months ago

Or maybe NFAS will not work if it uses the plaintext authentication mechanism?
My settings are:
nuauth_user_check_module="plaintext"

nuauth_acl_check_module="plaintext"

RE: nufw - Added by Eric Leblond 3 months ago

You cannot use NFAS to connect to nuauth. For the moment, it can only be used to connect to a NuFirewall. Separated bricks will be available later but for now you can't use the latest generation of our interface without installing a NuFirewall distribution.

RE: nufw - Added by kriger andrey 3 months ago

I installed "http://www.nufw.org/projects/nufw/files/nufw-2.4.2.tar.gz" and supposed that it is NuFirewall, or is it not?
nufw and nuauth start successfully.
The NuFirewall distribution: is it nufw-2.x.x or something else? My English is bad, I'm Russian, sorry.

RE: nufw - Added by Eric Leblond 3 months ago

No, NuFW is the authentication layer only. It does not provide any interface. NuFirewall is a complete firewall distribution containing.

You can download it from the following link: Download.