johnboy68 wrote:
I have ntlm_auth working. I can auth my AD users with this command:
radtest -t mschap aduser aspassword localhost 0 testing123
And it works.
Good!
My problem is when I configure one of my Cisco switches to do 802.1x and authenticate with Freeradius my Windows (Windows 7 and Vista) machines fail to get authorized with the Windows supplicant. I am running Freeradius in debug mode and have tried to trace down where it is failing on my own but since I have no experience in this area I am just chasing my tail. Is it a problem with PEAP, EAP, TLS? Do I need a certificate? I just don't know and if I did I wouldn't know how to configure it. I have not been able to find any conclusive documentation in this area.
The Wiki describes this. See the "Certificate Compatibility" page. See also my AD integration guide: http://deployingradius.com. That should be pointed to from the Wiki, too. That guide contains *detailed* instructions for what to do. The only time it hasn't worked for people is when they didn't follow its instructions.
I could put the output here of what Freeradius outputs during a connection attempt but I since I am testing this in our production environment, I don't want to put that kind of information out in a public forum.
Run it in debug mode and read the output. What does it say? What warnings / errors does it produce? Alan DeKok.