Freeradius and eDirectory
Danner, Mearl
jmdanner at samford.edu
Fri Jan 4 19:06:34 CET 2008
Somewhere, can't remember where, the password gets changed like that to
force an authentication failure in eDirectory. If there are enough tries
it will trigger eDirectory's intruder detection lockout - if it's
enabled.
Are you sure the user is "authorized"? Since you didn't send a debug log
I'm assuming that you did not have one. The only way you can see if the
user is authorized by freeradius is through the debug log. Any other
reference to authorized - as in the wireless connect dialogue from
Windows - is not what freeradius is talking about.
We saw this behavior when the userid in eDirectory did not have the
proper radius attributes set. It has to have them and eDirectory has to
return them in order for the user to be authorized. Then freeradius
binds to eDirectory with the userid and password for authentication.
Mearl
-----Original Message-----
From: freeradius-users-bounces+jmdanner=samford.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+jmdanner=samford.edu at lists.freeradius.o
rg] On Behalf Of Alan DeKok
Sent: Friday, January 04, 2008 11:35 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius and eDirectory
Generic Generic wrote:
> I'm setting up Freeradius 1.1.4 on a SUSE 10 server for our wireless
> users with XP SP2 using PEAP. Because we use eDirectory I strip the
> computer name from the username, not every users uses the Novell
client.
> The user get authorize but I can't get the authentication to work. For
> some reason the first character of the users password is change for a
> "a", if the first character is a "a" then it is change for something
> else. ???
The default configuration of FreeRADIUS doesn't re-write passwords
this way. In fact, it doesn't re-write passwords at all.
Either you changed something on your local system to re-write the
passwords like this, OR this is actually how the passwords are being
received by FreeRADIUS.
If this is how the passwords are being received by FreeRADIUS, then it
is NOT a FreeRADIUS problem. Go fix the client, or use a client that
works.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list