PEAP authenication issues - sort of

Sylvain Robitaille syl at alcor.concordia.ca
Fri Jun 13 15:15:40 CEST 2008


I'm not anywhere near expert enough with FreeRADIUS to be able to point
you to the solution to your problem, but I think I can at least help you
understand some of the behaviour you're seeing ...

On Thu, 12 Jun 2008, Capelle, Mark (PCMC-GB) wrote:

> Thu Jun 12 13:21:54 2008 : Auth: Login incorrect (rlm_ldap: User not
> found): [DOMAIN\\nonworkinguser/<via Auth-Type = EAP>] (from client
> WLANCTRLR1 port 0)

This part is very significant of course.  Can you perform an LDAP search
for the user, using the same credentials and search filters as are used
by FreeRADIUS?

> If I try the samba authentication from a command line on the FreeRADIUS
> server, it completes successfully:

That suggests to me that your non-working user exists in the directory,
but not in the container that FreeRADIUS is looking for it in its LDAP
configuration.  For example does the user exist in the "basedn" you have
configured RADIUS to look in?

> If I test authentication of the user using radtest, it works fine and
> is able to find the user: ...

Follow the RADIUS server's -X output when you do that and compare to when
an authentication request comes in from the WLAN controller.  You'll find
that radtest isn't performing any form of EAP authentication so your PEAP
setup isn't being tested with that.  To test thoroughly you'll probably
want to use a utility such as wpa_supplicant's eapol_test.

I'm sorry I can't help more than that but I hope I'll have helped you
gather more information and test more closely to what you want to be
testing.

-- 
----------------------------------------------------------------------
Sylvain Robitaille                              syl at alcor.concordia.ca

Systems and Network analyst                       Concordia University
Instructional & Information Technology        Montreal, Quebec, Canada
----------------------------------------------------------------------



More information about the Freeradius-Users mailing list