<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">Hi,</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">I really need help with this one. I'm setting up Freeradius 1.1.4 on a SUSE 10 server for our wireless users with XP SP2 using PEAP. Because we use eDirectory I strip the computer name from the username, not every users uses the Novell client. The user get authorize but I can't get the authentication to work. For some reason the first character of the users password is change for a "a", if the first character is a "a" then it is change for something else. ???
</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">I installed the 885453 and 917021 patches for Windows XP SP2 and changed the supplicant mode to 3, didn't help.
</font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"></font></span> </div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">This problem does not occur with users using the Novell client SP4.</font></span></div>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> I included a few lines from the debug, the password should be mypassw instead of aypassw.</font></span>
</p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">Robert</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_msgfree</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:before/connect initialization</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv2/v3 write client hello A</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv3 read server hello A</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS certificate verification: depth: 1, err: 0, subject: /OU=Organizational CA/O=CS, issuer: /OU=Organizational CA/O=CS
</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS certificate verification: depth: 0, err: 0, subject: /O=CS/CN=<a href="http://rep01.mydomain.ca">
rep01.mydomain.ca</a>, issuer: /OU=Organizational CA/O=CS</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv3 read server certificate A</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv3 read server done A</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv3 write client key exchange A</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv3 write change cipher spec A</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv3 write finished A</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv3 flush data</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL_connect:SSLv3 read finished A</font></span></p>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">rlm_ldap: bind as cn=User1,ou=Techs,o=ORG/aypassw to <a href="http://rep01.mydomain.ca:389">rep01.mydomain.ca:389
</a>  <=                                     </font></span></div>
<div class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"></span><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_bind</font></span></div>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">...</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri"> </font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_chase_referrals</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">read1msg:  V2 referral chased, mark request completed, id = 2</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">new result:  res_errno: 49, res_error: <NDS error: failed authentication (-669)>, res_matched: <>
</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">read1msg: ld 0x8013f578 0 new referrals</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">read1msg:  mark request completed, ld 0x8013f578 msgid 2</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">request done: ld 0x8013f578 msgid 2</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">res_errno: 49, res_error: <NDS error: failed authentication (-669)>, res_matched: <></font>
</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_free_request (origid 2, msgid 2)</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_free_connection 0 1</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_free_connection: refcnt 1</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_parse_result</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_msgfree</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf</font>
</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_free_connection 1 1</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_send_unbind</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">ldap_free_connection: actually freed</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">TLS trace: SSL3 alert write:warning:close notify</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">rlm_ldap: eDirectory account policy check failed.</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">rlm_ldap: NDS error: failed authentication (-669)</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">rlm_ldap: ldap_release_conn: Release Id: 0</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">  modcall[post-auth]: module "ldap1" returns reject for request 1</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">modcall: leaving group REJECT (returns reject) for request 1</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">Delaying request 1 for 1 seconds</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">Finished request 1</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">Going to the next request</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">--- Walking the entire request list ---</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">Waking up in 1 seconds...</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">--- Walking the entire request list ---</font></span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">Sending Access-Reject of id 24 to <a href="http://10.228.14.81">10.228.14.81</a> port 20000</font>
</span></p>
<p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt"><span lang="EN-CA" style="mso-ansi-language: EN-CA"><font face="Calibri">        Reply-Message = "NDS error: failed authentication (-669)"</font></span></p>