Update of RADIUS server certificates - how to do that #14
Comments
Let me know how I can help. I’m also happy to test.
FYI (and you probably already know this): I was able to regenerate the original UBIOS RADIUS certificates by renaming/removing the In the course of my earlier testing, I lost my backup of the original UBIOS RADIUS cert. Since the NB: I had to completely reboot the UDM to get the cert/key to regenerate. I tried
@OverengineeredNetwork could you try the following please - if possible.
If this is stuck or shows weird behaviour, a
@alxwolf,
I was able to disjoin and re-join my RADIUS-Authenticated WiFi Network without any certificate errors. However, I could not browse to any websites or post this reply. It was as if DNS could not resolve external or internal hosts. Other RADIUS-Authenticated WiFi clients also lost the ability to resolve public hostnames.
@OverengineeredNetwork Thanks for being so quick in testing it. Do you run pi-hole as DNS on the UDM Pro (I do that)? Had the same issue (must Are the correct certificates now installed for the Radius server?
Those iOS notifications from the controller don't do anything. Everything works. I just get these notifications occasionally. I "forgot" the RADIUS WiFi network on my iPhone and Mac and rejoined them anew. Everything worked as expected.
Based on this testing, I
All of my wifi devices seemed to keep their connection to the SSID, but I couldn't navigate anywhere. I had to toggle wifi off and on again to accept the NEW RADIUS cert on each device. Once I accepted the new RADIUS cert on my devices, I checked to see if the cert had been applied to my controller and my AdGuardHome podman container. Everything works as expected. Whatever that Also, of note, the I'm still learning GitHub--not sure how I can propose these changes to help. TLDR:
@CaseyTal so. Good news is I got it sorted out "in principle"™, bad news is: won't be able to offer it for V1.x (due to lack of equipment for testing), but nobody should care as we should all move to V2.0 (or V3.0 soon). Plus, right now I can only make free radius read the new certificate by rebooting the box, as stated here by @tackynugget. So, some more research required.
Fair enough. Have you made any changes to the files yet? I'm on 2.x, so that's fine by me! And the reboot would only be once, correct? Or would that be required in the event of a power outage as well?
Fixes #14 New pitch at this problem. Waiting for feedback from those who dare.
@CaseyTal you could try the main branch now, as I believe I've been able to sort it out now. At first login, devices will (might?, only tried with a Mac and iOS) ask you to nod off the certificate - but at least now the right name is displayed, not "UbiOS Radius etc.", and it is shown as valid, for not being self-signed by UI. @tackynugget, thanks for the effort you put into deciphering what UI does. With 2.x, I've been able to get it to work (i.e., updated cert presented) by restarting the service with
Which DNS provider do you use? In case it's not GoDaddy, you must comment out
the <> will break parsing the file
Created a separate branch to work on this topic. Seems a bit more complicated than expected and equally "well-documented" by Ubiquiti as usual.
Linked with issue #12 and PR #13