Need help with Freeradius and 802.1X
Alan DeKok
aland at deployingradius.com
Wed Nov 2 15:53:13 CET 2011
johnboy68 wrote:
> I have ntlm_auth working. I can auth my AD users with this command:
>
> radtest -t mschap aduser aspassword localhost 0 testing123
>
> And it works.
Good!
> My problem is when I configure one of my Cisco switches to do 802.1x and
> authenticate with Freeradius my Windows (Windows 7 and Vista) machines fail
> to get authorized with the Windows supplicant. I am running Freeradius in
> debug mode and have tried to trace down where it is failing on my own but
> since I have no experience in this area I am just chasing my tail. Is it a
> problem with PEAP, EAP, TLS? Do I need a certificate? I just don't know
> and if I did I wouldn't know how to configure it. I have not been able to
> find any conclusive documentation in this area.
The Wiki describes this. See the "Certificate Compatibility" page.
See also my AD integration guide: http://deployingradius.com. That
should be pointed to from the Wiki, too.
That guide contains *detailed* instructions for what to do. The only
time it hasn't worked for people is when they didn't follow its
instructions.
> I could put the output here of what Freeradius outputs during a connection
> attempt but I since I am testing this in our production environment, I don't
> want to put that kind of information out in a public forum.
Run it in debug mode and read the output. What does it say? What
warnings / errors does it produce?
Alan DeKok.
More information about the Freeradius-Users
mailing list