freeradius with samba domain and port-access (Christian)
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Tue Apr 10 20:04:53 CEST 2007
"Thanks for help. I think so too, but I have no idea how or even if it
is possible. The WXPSP2 Client with user authentication is not able to
authanticate against the freeradius. There is not even a request
arriving on the freeradius. If I toggle to "Identify with
ComputerInformation if possible" there is at least a request arriving at
the radiusserver. It takes some time, but it works. After the
Authentication with computer Information, its not possible to
authenticate a second time with the user information. How do i have to
configure the client correctly to realize userauthentication? Or do I
need to reconfigure the server?"
I know it sounds stupid, but you have set up the correct radius type for
port based authentication ?
There's two on the HP procurves,
Radius-CHAP
Radius-EAP
Do
show authentication
Via the CLI
and it should give you something looking like this.
* *Status and Counters - Authentication Information
Login Attempts : 3
Respect Privilege : Enabled
| Login Login Enable Enable
Access Task | Primary Secondary Primary Secondary
----------- + ---------- ---------- ---------- ----------
Console | Radius Local Radius Local
Telnet | Local None Local None
Port-Access | EapRadius
Webui | Local None Local None
SSH | Radius Local Radius Local
Web-Auth | ChapRadius
MAC-Auth | ChapRadius
Need to make sure Port-Access is set to EapRadius, else the switch won't
pass the eap messages through correctly.
If it's on Chap
use
config
aaa authentication port-access eap-radius
write mem
---
Arran
More information about the Freeradius-Users
mailing list