freeradius against AD authentication not working

King, Michael MKing at bridgew.edu
Wed Nov 1 15:48:18 CET 2006


 

> -----Original Message-----
> "Karthik R" <kartthikr at gmail.com> wrote:
> > When i try to connect to access
> > point, it takes the local machine name default instead of 
> asking for 
> > username and password.
> 
>   You have to configure the local machine to NOT authenticate 
> as the machine.  It's in the Windows supplicant configuration 
> somewhere.
> 
>   There is nothing you can do to the NAS or RADIUS server to 
> solve this problem.
> 
>   Alan DeKok.


Alan is completely correct, you have to configure the suppilance to ask
for a username password.

If your this early in your deployment, I'd suggest you look at the
SecureW2 supplicant as opposed to the Built-in XP one.
http://securew2.alfa-ariss.com/  (Site seems to be down at the moment,
hopefully back up by the time you read this)  It's a hell of a lot
easier, plus you can script it so that it will automatically deploy with
the correct options selected.  There is no way to do this with WZC
(Windows Zero Config, the XP supplicant)

The way to disable this in the WindowsXP client:
Network Connections -> Right Click on Network Adaptor - > Properties ->
Wireless Network Tab -> SSID Properties -> Authentication tab ->

The EAP type tab should be set to Protected EAP (PEAP)  (This is NOT the
default)
Uncheck the "authenticate as a computer when computer information is
availble"

Hit the properties button

On this screen, you MAY have to disable the "Validate server
certificate"  This is entirely dependant on how you created the cert
that is located on your server.  Obviously, you want to have this option
enabled, but for testing purposes, DISABLE it now.  After you get your
setup working, ReENABLE this, and see if it still works.  If it doesn't,
you do not have the magic OID's in the CERT.

Towards the bottom, you'll see select Authentication Method.  Hit the
"Configure" button there:

Uncheck the Automatically use my Winodws Logon Name and Password (and
domain if any)

Hit OK to all boxes to save the changes




More information about the Freeradius-Users mailing list