Freeradius problem, EAP-TTLS works fine, EAP-PEAP does not
Jean-Yves Avenard
jyavenard at gmail.com
Thu Aug 26 20:44:50 CEST 2010
Hi
On Thursday, August 26, 2010, Alan DeKok <aland at deployingradius.com> wrote:
> Jean-Yves Avenard wrote:
>> I am running freeradius that comes installed and configured with MacOS
>> 10.6 server.
>>
>> A Windows XP can connect just fine using Microsoft Protected EAP.
>> iPhone, mac os client connect just fine using EAP-TTLS
>>
>> Windows 7 will connect fine using Securew2 EAP-TTLS supplicant ; but
>> not with the default build-in PEAP.
>
> The log you posted shows a clear issue:
>
>> When connecting with Windows 7, I would read:
>>
>> Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the
>> user's uuid.
>> Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef():
>> dsGetRecordList() status = 0, recCount=0
>>
>>
>> Any hint about what I should be looking at?
>
> Run the server in debugging mode (radiusd -X). Look for the above
> errors, and *read* the lines of text around them.
>
> Then use the information from the debug output to look the user up in
> OpenDirectory. Odds are that the user doesn't exist, which is why it
> can't get the UUID.
I was the one doing the testing. Username/password are identical in all tests.
>
>> Mind new, I'm a complete noob when it comes to radius, I only started
>> playing with it 2 days ago.
>
> This isn't much of a RADIUS error. The user lookup in OpenDirectory
> fails, and the UUID wasn't found. The only issue is *who* was being
> looked up, and *why* the UUID wasn't found.
>
Will run radius in debug mode and report back. I'm still puzzled why
there would be a difference between 7 and XP in the way they are
transmitting the user name
More information about the Freeradius-Users
mailing list