Hi,
I really need help with this one. I'm setting up FreeRADIUS 1.1.4 on a SUSE 10 server for our wireless users with XP SP2 using PEAP. Because we use eDirectory, I strip the computer name from the username; not every user uses the Novell client. The user gets authorized but I can't get the authentication to work. For some reason the first character of the user's password is changed to an "a"; if the first character is an "a" then it is changed to something else. ???
I included a few lines from the debug; the password should be mypassw instead of aypassw.
Robert
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /OU=Organizational CA/O=CS, issuer: /OU=Organizational CA/O=CS
TLS certificate verification: depth: 0, err: 0, subject: /O=CS/CN= rep01.mydomain.ca, issuer: /OU=Organizational CA/O=CS
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
...
ldap_chase_referrals
read1msg: V2 referral chased, mark request completed, id = 2
new result: res_errno: 49, res_error: <NDS error: failed authentication (-669)>, res_matched: <>
read1msg: ld 0x8013f578 0 new referrals
read1msg: mark request completed, ld 0x8013f578 msgid 2
request done: ld 0x8013f578 msgid 2
res_errno: 49, res_error: <NDS error: failed authentication (-669)>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_msgfree
rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
TLS trace: SSL3 alert write:warning:close notify
rlm_ldap: eDirectory account policy check failed.
rlm_ldap: NDS error: failed authentication (-669)
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[post-auth]: module "ldap1" returns reject for request 1
modcall: leaving group REJECT (returns reject) for request 1
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 24 to 10.228.14.81 port 20000
Reply-Message = "NDS error: failed authentication (-669)"