freeradius, windows 2003 ADS - authentication fails

Jacob Jarick mem.namefix at gmail.com
Thu Apr 12 12:21:57 CEST 2007


Thanks for your prompt reply Alan,
My 1st post so forgive the omission, I will clear the logs then post
radtest and the log info tomorrow once at work.

On 4/12/07, Alan DeKok <aland at deployingradius.com> wrote:
> Jacob Jarick wrote:
> > Hi I have recently setup freeradius on fedora 6 and I need it to
> > authenticate against windows ADS. Currently the requests come through
> > the AP but are rejected by freeradius.
>
>   The reason is in the logs.
>
> > [root at fedora raddb]# radtest Administrator tfxsol 127.0.0.1:1812 10 testing123
> > Sending Access-Request of id 40 to 127.0.0.1 port 1812
> >         User-Name = "Administrator"
> >         User-Password = "tfxsol"
> >         NAS-IP-Address = 255.255.255.255
> >         NAS-Port = 10
> > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=40, length=20
>
>   Unfortunately, you've showed radtest giving a reject, but have NOT
> shown the corresponding debugging output from radtest.  Instead, the
> debugging output is from a login via the AP:
> ...
> > rad_recv: Access-Request packet from host 10.1.1.110:1645, id=117, length=164
> >         User-Name = "TFXSCHOOL\\Administrator"
>
>   Which is not the "radtest" packet you quoted above.
>
> > rlm_eap: Identity does not match User-Name, setting from EAP Identity.
> >   rlm_eap: Failed in handler
>
>   Read "eap.conf".  Also, see which module is mangling the User-Name
> attribute.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list