freeradius, windows 2003 ADS - authentication fails
Jacob Jarick
mem.namefix at gmail.com
Thu Apr 12 12:21:57 CEST 2007
Thanks for your prompt reply Alan,
My 1st post so forgive the omission, I will clear the logs then post
radtest and the log info tomorrow once at work.
On 4/12/07, Alan DeKok <aland at deployingradius.com> wrote:
> Jacob Jarick wrote:
> > Hi I have recently setup freeradius on fedora 6 and I need it to
> > authenticate against windows ADS. Currently the requests come through
> > the AP but are rejected by freeradius.
>
> The reason is in the logs.
>
> > [root at fedora raddb]# radtest Administrator tfxsol 127.0.0.1:1812 10 testing123
> > Sending Access-Request of id 40 to 127.0.0.1 port 1812
> > User-Name = "Administrator"
> > User-Password = "tfxsol"
> > NAS-IP-Address = 255.255.255.255
> > NAS-Port = 10
> > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=40, length=20
>
> Unfortunately, you've showed radtest giving a reject, but have NOT
> shown the corresponding debugging output from radtest. Instead, the
> debugging output is from a login via the AP:
> ...
> > rad_recv: Access-Request packet from host 10.1.1.110:1645, id=117, length=164
> > User-Name = "TFXSCHOOL\\Administrator"
>
> Which is not the "radtest" packet you quoted above.
>
> > rlm_eap: Identity does not match User-Name, setting from EAP Identity.
> > rlm_eap: Failed in handler
>
> Read "eap.conf". Also, see which module is mangling the User-Name
> attribute.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list