Need help with 802.1X authentication to Active Directory

tnt at kalik.co.yu
Fri Jun 15 21:06:27 CEST 2007


No. I mean this:

                #  If you see the server send an Access-Challenge,
                #  and the client never sends another Access-Request,
                #  then
                #
                #               STOP!
                #
                #  The server certificate has to have special OID's
                #  in it, or else the Microsoft clients will silently
                #  fail.  See the "scripts/xpextensions" file for
                #  details, and the following page:
                #
                #       http://support.microsoft.com/kb/814394/en-us
                #
                #  For additional Windows XP SP2 issues, see:
                #
                #       http://support.microsoft.com/kb/885453/en-us
                #
                #  Note that we do not necessarily agree with their
                #  explanation... but the fix does appear to work.

What you have posted is just a snip of the whole conversation. If it is
the end of it then this is most likely your problem. But to be sure you
need to post the whole thing.

Ivan Kalik
Kalik Informatika ISP

On 15/6/2007, "Bryant Marsh" <bryantmarsh at cookielee.com> wrote:

>
>Ivan,
>
>Well in my EAP.Conf file, I have in the eap module a default_eap_type = peap
>and in my peap module the default_eap_type = mschapv2
>
>Is that correct?
>
>
>tnt wrote:
>> 
>> Have you read the bit of eap.conf titled:
>> 
>>  !!!!! WARNINGS for Windows compatibility  !!!!!
>> 
>> just above the peap module?
>> 
>> Ivan Kalik
>> Kalik Informatika ISP
>> 
>> 
>> On 15/6/2007, "Bryant Marsh" <bryantmarsh at cookielee.com> wrote:
>> 
>>>
>>>Hi Alan,
>>>
>>>My initial config on Centos was to turn firewall off.
>>>I do have authentication going on, but it looks like the certificates are
>>>not working.
>>>
>>>I uploaded a doc with the output of the debug on the first message.
>>>
>>>
>>>http://www.nabble.com/file/p11144608/radius-auth.doc radius-auth.doc
>>>
>>>Bryant
>>>
>>>
>>>
>>>Hi,
>>>
>>>> I have FreeRadius setup as outlined by the Howto at this link.
>>>> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
>>>>
>>>> I am using CENTOS 5 as the host system acting as the SAMBA/RADIUS
>>>> server.
>>>> All the *.conf files are configured as directed.
>>>> I have joined the radius server to the Active Directory domain and
>>>> configured the radius server with custom SSL certificates.
>>>>
>>>> The Radius server starts correctly but I cannot get my supplicant to
>>>> authenticate.
>>>> Any Ideas?
>>>
>>>> Listening on authentication *:1812
>>>> Listening on accounting *:1813
>>>> Ready to process requests.
>>>
>>>
>>>
>>>....followed by silence. nothing there. no attempts to talk RADIUS ever seen.
>>>
>>>looks very much like you need to let the firewall on the CentOS box allow
>>>UDP ports 1812/1813 through
>>>
>>>/sbin/iptables -L -n
>>>
>>>
>>>alan
>>>-
>>>List info/subscribe/unsubscribe? See
>>>http://www.freeradius.org/list/users.html
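The symptom named in the eap.conf comment quoted at the top of this message (the server sends an Access-Challenge and the client never sends another Access-Request) can be checked mechanically over a complete debug capture. This is an added example, not part of the original message or of FreeRADIUS; the function name, the constructed sample lines and the assumed `radiusd -X` line format are illustrative.

```python
import re

# Constructed sample of `radiusd -X` style output (not taken from the thread).
# Assumption: request/reply lines have this shape; adjust the regexes if
# your server version prints them differently.
SAMPLE_STALLED = """\
rad_recv: Access-Request packet from host 192.0.2.10:1645, id=21, length=180
Sending Access-Challenge of id 21 to 192.0.2.10 port 1645
rad_recv: Access-Request packet from host 192.0.2.10:1645, id=22, length=290
Sending Access-Challenge of id 22 to 192.0.2.10 port 1645
"""

# Same conversation, but the client keeps answering and is accepted.
SAMPLE_OK = SAMPLE_STALLED + """\
rad_recv: Access-Request packet from host 192.0.2.10:1645, id=23, length=310
Sending Access-Accept of id 23 to 192.0.2.10 port 1645
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host ([\d.]+):(\d+), id=(\d+)")
SENT = re.compile(r"Sending (\S+) of id (\d+) to ([\d.]+) port (\d+)")


def stalled_challenges(debug_text):
    """Return [(nas, id)] for each NAS whose last packet in the log is an
    Access-Challenge sent by the server with no later Access-Request."""
    # Keyed by NAS address/port, which is enough when debugging one test
    # supplicant; concurrent clients behind one NAS would need the State
    # attribute to tell their conversations apart.
    last = {}
    for line in debug_text.splitlines():
        m = RECV.search(line)
        if m:
            last[(m.group(2), m.group(3))] = ("recv", m.group(1), int(m.group(4)))
            continue
        m = SENT.search(line)
        if m:
            last[(m.group(3), m.group(4))] = ("sent", m.group(1), int(m.group(2)))
    return [(f"{ip}:{port}", pid)
            for (ip, port), (direction, ptype, pid) in sorted(last.items())
            if direction == "sent" and ptype == "Access-Challenge"]


if __name__ == "__main__":
    for nas, pid in stalled_challenges(SAMPLE_STALLED):
        print(f"{nas}: Access-Challenge id={pid} never answered")
```

A truncated capture produces the same result as a real stall, so the check only means something when it is run over the whole debug output.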



