<div>Hello everyone,</div>
<div> </div>
<div>I recently changed the IP address of our RADIUS server and changed domain controllers for Windows Authentication. Besides that change, we decided to use LDAP instead of LDAPS on the new domain controller. I didn't think I would run into a problem with my test lab on the changes that were made. I'm stumped as to why the devices can no longer authenticate. Does anyone have any ideas? I'm getting familiar with FreeRADIUS and Linux. I appreciate any input...</div>
<div> </div>
<div>Below is the debug output:</div>
<div> </div>
<div>Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Listening on command file /usr/local/var/run/radiusd/radiusd.sock<br>Listening on proxy address * port 1814<br>Ready to process requests.<br>
rad_recv: Access-Request packet from host 192.168.213.254 port 1645, id=13, length=85<br> NAS-IP-Address = 192.168.213.254<br> NAS-Port = 1<br> NAS-Port-Type = Virtual<br> User-Name = "edwinadmin"<br>
Calling-Station-Id = "192.168.213.207"<br> User-Password = "Teddy133"<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[digest] returns noop<br>[suffix] No '@' in User-Name = "edwinadmin", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[ntdomain] No '\' in User-Name = "edwinadmin", looking up realm NULL<br>[ntdomain] No such realm "NULL"<br>++[ntdomain] returns noop<br>
[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[unix] returns notfound<br>++[files] returns noop<br>[ldap] performing user authorization for edwinadmin<br>[ldap] expand: (&(objectCategory=user)(samaccountname=%{user-name})(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM)) -> (&(objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM))<br>
[ldap] expand: dc=eidev,dc=com -> dc=eidev,dc=com<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: attempting LDAP reconnection<br>rlm_ldap: (re)connect to eidev-dc6.eidev.com:389, authentication 0<br>
rlm_ldap: bind as eidev\radius/N3tw0rkd3^ to eidev-dc6.eidev.com:389<br>rlm_ldap: waiting for bind result ...<br>rlm_ldap: Bind was successful<br>rlm_ldap: performing search in dc=eidev,dc=com, with filter (&(objectCategory=user)(samaccountname=edwinadmin)(memberOf=cn=MIS-NetworkAdmins-All,OU=Security Groups,OU=MIS Admin,DC=EIDEV,DC=COM))<br>
rlm_ldap: ldap_search() failed: Operations error<br>[ldap] search failed<br>rlm_ldap: ldap_release_conn: Release Id: 0<br>++[ldap] returns fail<br>Invalid user: [edwinadmin] (from client EIDEV LAB port 1 cli 192.168.213.207)<br>
Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> edwinadmin<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 13 to 192.168.213.254 port 1645<br>Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 13 with timestamp +50<br>Ready to process requests.<br></div>