<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
Hello All,<br><br>I need some help authenticating against AD. I have followed directions online as best as I can, but things still aren't working as expected. I'm ultimately hoping to have our VPN users and admins logging into Cisco network equipment authenticate against AD through our FreeRADIUS 2 installation. Today, I have been testing authentication from one of Cisco switches, and I continually receive this basic output:<br><br>rad_recv: Access-Request packet from host w.x.y.z port 37611, id=147, length=61<br> User-Name = "mphillips"<br> User-Password = "xxxx"<br> NAS-IP-Address = w.x.y.z<br> NAS-Port = 2000<br>Thu Nov 19 16:17:34 2009 : Info: +- entering group authorize {...}<br>Thu Nov 19 16:17:34 2009 : Info: ++[preprocess] returns ok<br>Thu Nov 19 16:17:34 2009 : Info: [suffix] No '@' in User-Name = "mphillips", looking up realm NULL<br>Thu Nov 19 16:17:34 2009 : Info: [suffix] No such realm "NULL"<br>Thu Nov 19 16:17:34 2009 : Info: ++[suffix] returns noop<br>Thu Nov 19 16:17:34 2009 : Info: [eap] No EAP-Message, not doing EAP<br>Thu Nov 19 16:17:34 2009 : Info: ++[eap] returns noop<br>Thu Nov 19 16:17:34 2009 : Info: ++[unix] returns updated<br>Thu Nov 19 16:17:34 2009 : Info: ++[files] returns noop<br>Thu Nov 19 16:17:34 2009 : Info: ++[expiration] returns noop<br>Thu Nov 19 16:17:34 2009 : Info: ++[logintime] returns noop<br>Thu Nov 19 16:17:34 2009 : Info: ++[pap] returns updated<br>Thu Nov 19 16:17:34 2009 : Info: Found Auth-Type = PAP<br>Thu Nov 19 16:17:34 2009 : Info: +- entering group PAP {...}<br>Thu Nov 19 16:17:34 2009 : Info: [pap] login attempt with password "xxxx"<br>Thu Nov 19 16:17:34 2009 : Info: [pap] Using CRYPT encryption.<br>Thu Nov 19 16:17:34 2009 : Info: [pap] Passwords don't match<br>Thu Nov 19 16:17:34 2009 : Info: ++[pap] returns reject<br>Thu Nov 19 16:17:34 2009 : Info: Failed to authenticate the user.<br>Thu Nov 19 16:17:34 2009 : Auth: Login incorrect (rlm_pap: CRYPT password check failed): [mphillips/xxxx] (from client w.x.y.z port 2000)<br>Thu Nov 19 16:17:34 2009 : Info: Using Post-Auth-Type Reject<br>Thu Nov 19 16:17:34 2009 : Info: +- entering group REJECT {...}<br>Thu Nov 19 16:17:34 2009 : Info: [attr_filter.access_reject] expand: %{User-Name} -> mphillips<br>Thu Nov 19 16:17:34 2009 : Debug: attr_filter: Matched entry DEFAULT at line 11<br>Thu Nov 19 16:17:34 2009 : Info: ++[attr_filter.access_reject] returns updated<br>Thu Nov 19 16:17:34 2009 : Info: Delaying reject of request 5 for 1 seconds<br>Thu Nov 19 16:17:34 2009 : Debug: Going to the next request<br>Thu Nov 19 16:17:34 2009 : Debug: Waking up in 0.9 seconds.<br>Thu Nov 19 16:17:36 2009 : Info: Sending delayed reject for request 5<br>Sending Access-Reject of id 147 to w.x.y.z port 37611<br>Thu Nov 19 16:17:36 2009 : Debug: Waking up in 4.6 seconds.<br>Thu Nov 19 16:17:42 2009 : Info: Cleaning up request 5 ID 147 with timestamp +1181<br>Thu Nov 19 16:17:42 2009 : Debug: Ready to process requests.<br><br><br>I can't tell from this output if the RADIUS server is ever even attempting to reach AD. Obviously, if I enter the correct password for my username on the RADIUS server itself, authentication will succeed, but this is not the desired behavior at this time.<br><br>Any help is greatly appreciated.<br><br>Michael Phillips<br><br> <br /><hr />Hotmail: Trusted email with Microsoft's powerful SPAM protection. <a href='http://clk.atdmt.com/GBL/go/177141664/direct/01/
http://clk.atdmt.com/GBL/go/177141664/direct/01/
' target='_new'>Sign up now.</a></body>
</html>