<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
pre
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle18
{mso-style-type:personal;
font-family:Arial;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=FR link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hello,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>We are trying to use freeradius 1.1.2 to </span></font><span
lang=EN-GB>authentication</span><font size=2 face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial'> our users on our wired network
(802.1X). <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Our architecture is the following:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Client
switch<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Windows Xp ---</span></font><font
size=2 face=Wingdings><span style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'>
Enterasys ---</span></font><font size=2 face=Wingdings><span lang=EN-GB
style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font size=2
face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'>
freeradius 1.1.2 ---</span></font><font size=2 face=Wingdings><span lang=EN-GB
style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font size=2
face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'>
edirectory <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Aegis ldaps
LUM<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Once the user gets the authorisation access, it gets
its vlan too and begins the system logon to the NT server account and to the
novell edirectory account (fire sharing)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>The users connect through Aegis client on XP SP2
operating system.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>The NAS are ours switches (Enterasys V2 and C2)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>The </span></font><span lang=EN-GB>authentication</span><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'>
schema is PEAP MSCHAPV2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>The users’ base is edirectory which is accessed
by freradius thanks to ldaps.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>We have configured edirectoty with Universal password
and extend its schema in order to add radius attributes. (as indicate in
documentation given by novell)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Its works except when the user’s password
contains special characters.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-GB
style='font-size:12.0pt'>By example,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-GB
style='font-size:12.0pt'>If the user password is ale00000 the log is:<o:p></o:p></span></font></p>
<pre><font size=2 face="Courier New"><span lang=EN-GB style='font-size:10.0pt'>rlm_ldap: bind as uid=david ,ou=XXX,dc= XXX/ale00000…………. <o:p></o:p></span></font></pre><pre><font
size=2 face="Courier New"><span lang=EN-GB style='font-size:10.0pt'>The authentication works.<o:p></o:p></span></font></pre><pre><font
size=2 face="Courier New"><span lang=EN-GB style='font-size:10.0pt'><o:p> </o:p></span></font></pre>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-GB
style='font-size:12.0pt'>If the user password is alé00000 the log is:<o:p></o:p></span></font></p>
<pre><font size=2 face="Courier New"><span lang=EN-GB style='font-size:10.0pt'>rlm_ldap: bind as uid=david ,ou=XXX,dc= XXX/blé00000…………. <o:p></o:p></span></font></pre>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-GB
style='font-size:12.0pt'>The authentication fails.</span></font><font size=2
face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>I have tried with others passwords and it gives<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>alé00000 </span></font><font size=2 face=Wingdings><span
lang=EN-GB style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> blé00000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>blé00000 </span></font><font size=2 face=Wingdings><span
lang=EN-GB style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'> </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>alé00000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>clé00000 </span></font><font size=2 face=Wingdings><span
lang=EN-GB style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'> </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>alé00000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>dlé00000 </span></font><font size=2 face=Wingdings><span
lang=EN-GB style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'> </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>alé00000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>rlé00000 </span></font><font size=2 face=Wingdings><span
lang=EN-GB style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font
size=2 face=Arial><span lang=EN-GB style='font-size:10.0pt;font-family:Arial'> </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>alé00000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>d&é »’(-è </span></font><font size=2
face=Wingdings><span style='font-size:10.0pt;font-family:Wingdings'>à</span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>
a&é »’(-è<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>any help will be welcome<font color=navy><span
style='color:navy'> </span></font>for any clue to solve this problem; (witch is
a real problem because a lot of our users come to see us when they change
theirs passwords)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>By the way, excuse me for my approximate english.<o:p></o:p></span></font></p>
</div>
</body>
</html>