<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid"> </BLOCKQUOTE> <div><STRONG>Hi, list</STRONG></div> <div><STRONG> </STRONG></div> <div><STRONG> I have no samba installed in my linux.</STRONG></div> <div><STRONG></STRONG> </div> <div><STRONG>1.freeradius + AD : </STRONG></div> <div><STRONG> When I user radtest tool to test user/password on Win2k3/AD, I can get correct answer when I set authenticate type to ldap too.</STRONG></div> <div><STRONG></STRONG> </div> <div><STRONG>2.eap/peap + 8021x + freeradius + openldap: </STRONG></div> <div><STRONG> Success.</STRONG></div> <div><STRONG></STRONG> </div> <div><STRONG>3.eap/peap + 8021x + freeradius + Win2k3/AD</STRONG></div> <div><STRONG> When I auth the Winxp user access to switch. It failed. Even if I set Authenticate type to ldap or not,
why?? </STRONG></div> <div> </div> <div>rad_recv: Access-Request packet from host 10.155.20.84:1077, id=179, length=206<BR> User-Name = "hwang"<BR> NAS-IP-Address = 10.155.20.84<BR> NAS-Identifier = "hiveos"<BR> NAS-Port = 0<BR> Called-Station-Id = "00-19-77-00-00-34:hhe"<BR> Calling-Station-Id = "00-19-E0-80-A5-5A"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message =
0x0237002b19001703010020ee2ceed58c0ee38c2943f392498a1d0ce71f57156ed1e81ea1ae15ad61a5f53b<BR> State = 0x00bebc716634b88b8ea1ecd2216ccf25<BR> Message-Authenticator = 0xec79f9c13e33bd20c35a6a6a7d6f291d<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 65<BR> modcall[authorize]: module "mschap" returns noop for request 65<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "hwang", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 65<BR> rlm_eap: EAP packet type response id 55 length 43<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 65<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization
for hwang<BR>radius_xlat: '(cn=hwang)'<BR>radius_xlat: 'cn=users,dc=aehve,dc=com'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in cn=users,dc=aehve,dc=com, with filter (cn=hwang)<BR>rlm_ldap: checking if remote access for hwang is allowed by cn<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: user hwang authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 65<BR>modcall: leaving group authorize (returns updated) for request 65<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 65<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type
peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR> eaptls_verify returned 7<BR> rlm_eap_tls: Done initial handshake<BR> eaptls_process returned 7<BR> rlm_eap_peap: EAPTLS_OK<BR> rlm_eap_peap: Session established. Decoding tunneled attributes.<BR> rlm_eap_peap: Received EAP-TLV response.<BR> rlm_eap_peap: Tunneled data is valid.<BR> rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.<BR> rlm_eap: Handler failed in EAP/peap<BR> rlm_eap: Failed in EAP select<BR> modcall[authenticate]: module "eap" returns invalid for request 65<BR>modcall: leaving group authenticate (returns invalid) for request 65<BR>auth: Failed to validate the user.<BR>Sending Access-Reject of id 179 to 10.155.20.84 port 1077<BR> EAP-Message = 0x04370004<BR></div> <div> </div> <div> </div> <div>
Thanks!</div> <div> </div> <div> John</div> <div> </div><BR><BR><p>
<hr size=1><a href="http://cn.mail.yahoo.com" target=blank>ÇÀ×¢ÑÅ»¢Ãâ·ÑÓÊÏä3.5GÈÝÁ¿£¬20M¸½¼þ£¡</a>