Help Please

Adam Schappell aschappell at clearedgeit.com
Tue Mar 31 15:47:04 CEST 2015


Does anyone have a front end interface they like to use? Daloradius does
not seem to support LDAP/AD when showing users connected to APs.

Thanks

Adam Schappell
System Administrator II
Clearedge IT Solutions, LLC
10620 Guilford Road
Jessup, MD 20794
Office:443-212-4712
Fax:443-212-4809
www.ClearEdgeIT.com <http://www.clearedgeit.com/>


On Mon, Mar 30, 2015 at 4:57 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> > Ok I am almost done with all the questions... Now when I go to log in to
> > wifi I am able to download cert and everything but I get an authentication
> > failure. I have read most of it and am a little confused. Just wondering if
> > anyone had better insight on this.
>
>
> look, I take it that you are new to FreeRADIUS - but surely you have read
> the output that you've posted to this list...and seen what it is that is
> different to the request now using EAP compared to when you were testing
> with radtest....
>
> > [peap] Setting User-Name to CORP\aschappell
>
> look - CORP/aschappell is what was sent through from your client, through
> the NAS to your RADIUS server
>
> > User-Name = "CORP\\aschappell"
>
> see...part of the RADIUS datagram
>
> > # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
>
> EAP is working okay...you got into the inner-tunnel
>
> > [ldap] performing user authorization for CORP\aschappell
> >
> > [ldap] expand: %{Stripped-User-Name} ->
>
> stripped-user-name is blank because the user-name didn't match any of your
> prefix or suffix rules...so it's kept the same.
>
> > [ldap] object not found
> >
> > [ldap] search failed
>
> ..and unlike your plain test, this fails now.
>
> ...and because this fails, everything else fails as there's no password to
> use for the authentication modules.
>
>
> so, if you want to deal with this, you either need to handle that prefix
> OR you need to strip it - by either defining it in proxy.conf or enabling
> the ntdomain module which will deal with it. the domain is coming from your
> windows client...it's the sort of thing they do (alternatively, configure
> the windows client to NOT log in using windows username/password(!) )
>
>
> but I'll stop you at this point.... you appear to be going down the route
> of trying to use AD with PEAP - using the LDAP module.... and I'm afraid you
> won't get much further. you need to use the mschap module with ntlm_auth to
> do the required authentication, AUTHORISATION is okay with LDAP using MS AD
> but authentication = no.
>
>
>
> alan
>
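
A sketch of the setup the quoted reply describes (strip the domain prefix, authenticate through mschap with ntlm_auth, keep LDAP for authorization only), added here as an example that is not part of the original thread or the poster's configuration. The realm name CORP is taken from the debug output above; file locations, the ordering of modules and the ntlm_auth path are assumptions.

```conf
# --- modules/realm (mods-available/realm in 3.x) ---
# Prefix realm: splits "CORP\aschappell" into Realm = "CORP" and
# Stripped-User-Name = "aschappell".
realm ntdomain {
	format = prefix
	delimiter = "\\"
}

# --- proxy.conf ---
# Declare the domain as a known realm. No server pool is listed, so
# requests for CORP are handled locally and not proxied.
realm CORP {
}

# --- sites-enabled/inner-tunnel ---
authorize {
	mschap
	ntdomain	# must run before ldap so Stripped-User-Name is set
	eap {
		ok = return
	}
	ldap		# authorization only: lookups, group checks
}

authenticate {
	Auth-Type MS-CHAP {
		mschap	# verifies the MS-CHAPv2 response via ntlm_auth
	}
	eap
}

# --- modules/mschap (mods-available/mschap in 3.x) ---
mschap {
	# Windows sends DOMAIN\user but computes the challenge over the
	# user part only; this setting accounts for that.
	with_ntdomain_hack = yes

	# /path/to/ntlm_auth is a placeholder for the Samba helper binary.
	ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
```

ntlm_auth only answers once the RADIUS host is joined to the domain and winbindd is running. In debug output, the `[ldap] expand: %{Stripped-User-Name} ->` line should then show the bare username instead of an empty value.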

