freeradius, windows 2003 ADS - authentication fails
Alan DeKok
aland at deployingradius.com
Thu Apr 12 12:01:57 CEST 2007
Jacob Jarick wrote:
> Hi I have recently setup freeradius on fedora 6 and I need it to
> authenticate against windows ADS. Currently the requests come through
> the AP but are rejected by freeradius.
The reason is in the logs.
> [root at fedora raddb]# radtest Administrator tfxsol 127.0.0.1:1812 10 testing123
> Sending Access-Request of id 40 to 127.0.0.1 port 1812
> User-Name = "Administrator"
> User-Password = "tfxsol"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 10
> rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=40, length=20
Unfortunately, you've showed radtest giving a reject, but have NOT
shown the corresponding debugging output from radtest. Instead, the
debugging output is from a login via the AP:
...
> rad_recv: Access-Request packet from host 10.1.1.110:1645, id=117, length=164
> User-Name = "TFXSCHOOL\\Administrator"
Which is not the "radtest" packet you quoted above.
> rlm_eap: Identity does not match User-Name, setting from EAP Identity.
> rlm_eap: Failed in handler
Read "eap.conf". Also, see which module is mangling the User-Name
attribute.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list